CMMC Practice Requirement:

Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems.

CMMC Requirement Explanation:

Before you provide access to a person or a device, you need to verify that the user or device is who or what it claims to be. This verification is called authentication. The most common way to verify identity is by using a username and a hard-to-guess password.

Example CMMC Implementation:

Password protect your user accounts, and change any default passwords on your systems.

Scenario(s):

- Scenario 1:

Example:

Alice, a system administrator, creates a group policy requiring all user accounts to be password protected.
Alice used group policy to require user accounts to be password protected
Alice used group policy to require user accounts to be password protected

- Scenario 2:

Alice, a system administrator received a new router in the mail. The router comes configured with a default password of "admin123". Alice changes the password to something complex that meets her company's password requirements.
 

Discover Our NIST SP 800-171 Solutions:

 /assets/images/compliance_accelerator_white.png

Compliance Accelerator

For contractors seeking compliance
 /assets/images/quantum_assessor_white.png

Quantum Assessor

For IT service providers
 /assets/images/supply_chain_logo_white.png

Supply Chain Verifier

For contractors seeking to verify partner compliance