CMMC Practice Requirement:
Store and transmit only cryptographically protected passwords.
CMMC Requirement Explanation:
If an attacker gets a hold of an unencrypted password he can gain access to your systems. By storing them as a one way hash it is more difficult for an attacker to use them.
Example CMMC Implementation:
Ensure that your passwords are stored on your systems using a "one-way hash". Many systems such as Active Directory do this be default. Confirm that your systems are in fact storing your password cryptographically.
- Scenario 1:
Your company's systems use active directory for authentication. Active directory stores passwords as one-way hashes and transmits them in an encrypted format.
Discover Our NIST SP 800-171 Solutions:
For contractors seeking compliance
For IT service providers
Supply Chain Verifier
For contractors seeking to verify partner compliance