Reference: CMMC 2.11
Family: IA
Level Introduced: 2
Title: Password Complexity
Practice:
Enforce a minimum password complexity and change of characters when new passwords are created.
CMMC Clarification:
Password complexity means using different types of characters as well as a specified number of characters. These include numbers, lowercase and uppercase letters, and symbols. Define the lowest level of password complexity required. Enforce this rule for all passwords.
Example
You are in charge of setting your organization's password rules. Everyone must use a combination of different types of characters for all new and changed passwords. Also, there is an established number of minimum characters for each password. Characters include numbers, lowercase and uppercase letters, and symbols. These rules help create hard-to- guess passwords, which help to secure your network.
Implementation Strategies
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-171 Requirements (1)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-53 Controls (1)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.