CMMC Practice Requirement:

Store and transmit only cryptographically protected passwords.

CMMC Requirement Explanation:

If an attacker gets a hold of an unencrypted password he can gain access to your systems. By storing them as a one way hash it is more difficult for an attacker to use them.

Example CMMC Implementation:

Ensure that your passwords are stored on your systems using a "one-way hash". Many systems such as Active Directory do this be default. Confirm that your systems are in fact storing your password cryptographically.

Scenario(s):

- Scenario 1:

Your company's systems use active directory for authentication. Active directory stores passwords as one-way hashes and transmits them in an encrypted format.
 

Discover Our NIST SP 800-171 Solutions:

 /assets/images/compliance_accelerator_white.png

Compliance Accelerator

For contractors seeking compliance
 /assets/images/quantum_assessor_white.png

Quantum Assessor

For IT service providers
 /assets/images/supply_chain_logo_white.png

Supply Chain Verifier

For contractors seeking to verify partner compliance