Reference: CMMC 2.0
Level Introduced: 2
Title: Password Complexity
Enforce a minimum password complexity and change of characters when new passwords are created.
Password complexity means using different types of characters as well as a specified number of characters. These include numbers, lowercase and uppercase letters, and symbols. Define the lowest level of password complexity required. Enforce this rule for all passwords.
You are in charge of setting your organization's password rules. Everyone must use a combination of different types of characters for all new and changed passwords. Also, there is an established number of minimum characters for each password. Characters include numbers, lowercase and uppercase letters, and symbols. These rules help create hard-to- guess passwords, which help to secure your network.