CMMC Practice Requirement:
Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems.
CMMC Requirement Explanation:
Before you provide access to a person or a device, you need to verify that the user or device is who or what it claims to be. This verification is called authentication. The most common way to verify identity is by using a username and a hard-to-guess password.
Example CMMC Implementation:
Password protect your user accounts, and change any default passwords on your systems.
- Scenario 1:
Alice, a system administrator, creates a group policy requiring all user accounts to be password protected.
- Scenario 2:
Alice, a system administrator received a new router in the mail. The router comes configured with a default password of "admin123". Alice changes the password to something complex that meets her company's password requirements.
Discover Our NIST SP 800-171 Solutions:
For contractors seeking compliance
For IT service providers
Supply Chain Verifier
For contractors seeking to verify partner compliance