CMMC Practice Requirement:

Prohibit password reuse for a specified number of generations.

CMMC Requirement Explanation:

The reuse of passwords can greatly diminish the effectiveness of passwords.

Example CMMC Implementation:

Configure your user accounts not to accept passwords the reuse of passwords after a specified number of generations. For Windows systems this can be accomplished using group policy. Restricting the reuse of passwords for five generations is a common policy.

Scenario(s):

- Scenario 1:

John needs to set a new password for his account. He enters a password that he used earlier in the year. Because of his organization's password reuse policy he receives an error message and is forced to come up with a new password.
 

Discover Our NIST SP 800-171 Solutions:

 /assets/images/compliance_accelerator_white.png

Compliance Accelerator

For contractors seeking compliance
 /assets/images/quantum_assessor_white.png

Quantum Assessor

For IT service providers
 /assets/images/supply_chain_logo_white.png

Supply Chain Verifier

For contractors seeking to verify partner compliance