CMMC Practice - IA.1.076

Identify information system users, processes acting on behalf of users, or devices.

CMMC Practice - IA.1.077

Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems.

CMMC Practice - IA.2.078

Enforce a minimum password complexity and change of characters when new passwords are created.

CMMC Practice - IA.2.079

Prohibit password reuse for a specified number of generations.

CMMC Practice - IA.2.080

Allow temporary password use for system logons with an immediate change to a permanent password.

CMMC Practice - IA.2.081

Store and transmit only cryptographically protected passwords.

CMMC Practice - IA.2.082

Obscure feedback of authentication information.

CMMC Practice - IA.3.083

Use multi-factor authentication for local and network access to privileged accounts and for network access to nonprivileged accounts.

CMMC Practice - IA.3.084

Employ replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts.

CMMC Practice - IA.3.085

Prevent the reuse of identifiers for a defined period.

CMMC Practice - IA.3.086

Disable identifiers after a defined period of inactivity.