CMMC Practice Requirement:

Allow temporary password use for system logons with an immediate change to a permanent password.

CMMC Requirement Explanation:

Temporary passwords often follow a consistent style (e.g. ChangeMe2020!), which makes them easier for an attacker to guess. Forcing users to change their password as soon as they receive a temporary one reduces this risk. For added security, you can provide employees with a randomly generated password when they request a reset.

Example CMMC Implementation:

When providing a temporary password to a user, set their account to require a password reset upon login. This is needed, for example, when providing a password to a new employee or when an employee requests a password reset.

Scenario(s):

- Scenario 1:

Example:

John has requested a new password. Alice resets his password and sets his account to require a new password upon login. Alice provides John with the password; when John logs in, he is required to set a new one.
Alice used Active Directory to require John to create a new password upon first login.
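One way Alice could script this reset in Active Directory, combining the randomly generated temporary password with the forced change at next logon. This is an added example, not part of the original page; the function names and the account name `john` are hypothetical, and it assumes the ActiveDirectory PowerShell module and rights to reset the account.

```powershell
#Requires -Modules ActiveDirectory

function New-TemporaryPassword {
    param([int]$Length = 16)
    # 64 symbols (no I, O, l, 0, 1): 256 is a multiple of 64, so byte % 64 is unbiased.
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#%+-=?'
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        do {
            $bytes = New-Object byte[] $Length
            $rng.GetBytes($bytes)
            $candidate = -join ($bytes | ForEach-Object { $alphabet[$_ % 64] })
            # Retry until upper, lower and digit are all present (domain complexity rules).
            $ok = ($candidate -cmatch '[A-Z]') -and ($candidate -cmatch '[a-z]') -and ($candidate -match '\d')
        } until ($ok)
    } finally { $rng.Dispose() }
    return $candidate
}

function Reset-WithTemporaryPassword {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Identity)

    $user = Get-ADUser -Identity $Identity -Properties PasswordNeverExpires
    # ChangePasswordAtLogon cannot be enabled while PasswordNeverExpires is set.
    if ($user.PasswordNeverExpires) {
        throw "$Identity has PasswordNeverExpires set; clear it before issuing a temporary password."
    }
    $plain  = New-TemporaryPassword
    $secure = ConvertTo-SecureString $plain -AsPlainText -Force
    if ($PSCmdlet.ShouldProcess($Identity, 'Reset password and require change at next logon')) {
        Set-ADAccountPassword -Identity $user -Reset -NewPassword $secure
        Set-ADUser -Identity $user -ChangePasswordAtLogon $true
        # pwdLastSet = 0 is how AD records "user must change password at next logon".
        $check = Get-ADUser -Identity $user -Properties pwdLastSet
        if ($check.pwdLastSet -ne 0) { throw "Forced change flag was not set for $Identity." }
        return $plain   # give this to the user over a separate, trusted channel
    }
}

# Usage (constructed account name); add -WhatIf for a dry run:
# $temp = Reset-WithTemporaryPassword -Identity 'john'
```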
 
