NIST SP 800-171 & CMMC 2.0 3.5.9 Requirement:

Allow temporary password use for system logons with an immediate change to a permanent password.

NIST SP 800-171 & CMMC 2.0 3.5.9 Requirement Explanation:

Temporary passwords often follow a consistent style (e.g., ChangeMe2020!), this means that they can be more easily guessed by an attacker. If users are forced to change their password upon receiving a temporary one you can reduce this risk. For added security you can provide employees with a randomly generated password when they request a password reset.

Example NIST SP 800-171 & CMMC 2.0 3.5.9 Implementation:

When providing a temporary password to a user, set their account to require a password reset upon login. An example of when this will need to be done is when providing a password to a new employee or when an employee requests a password reset.

NIST SP 800-171 & CMMC 2.0 3.5.9 Scenario(s):

- Scenario 1:

John has requested a new password. Alice resets his password and sets his account to require a new password upon login. Alice provides John with the password, when John logs in he is required to set a new one.
 

Quick & Simple

Discover Our Cybersecurity Compliance Solutions:

Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you

 NIST SP 800-171 & CMMC Compliance App

NIST SP 800-171 & CMMC Compliance

Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
 HIPAA Compliance App

HIPAA Compliance

Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
 FAR 52.204-21 Compliance App

FAR 52.204-21 Compliance

Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
 ISO 27001 Compliance App

ISO 27001 Compliance

Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.