CMMC Practice Requirement:
Prohibit password reuse for a specified number of generations.
CMMC Requirement Explanation:
The reuse of passwords can greatly diminish the effectiveness of passwords.
Example CMMC Implementation:
Configure your user accounts not to accept passwords the reuse of passwords after a specified number of generations. For Windows systems this can be accomplished using group policy. Restricting the reuse of passwords for five generations is a common policy.
- Scenario 1:
John needs to set a new password for his account. He enters a password that he used earlier in the year. Because of his organization's password reuse policy he receives an error message and is forced to come up with a new password.
Discover Our NIST SP 800-171 Solutions:
For contractors seeking compliance
For IT service providers
Supply Chain Verifier
For contractors seeking to verify partner compliance