Reference: CMMC 2.11
Family: IA
Level Introduced: 2
Title: Cryptographically-Protected Passwords
Practice:
Store and transmit only cryptographically-protected passwords.
CMMC Clarification:
All passwords must be cryptographically protected in a one-way function for storage and transmission. This type of protection changes passwords into another form, or a hashed password. A one-way transformation makes it impossible to turn the hashed password back into the original password.
Example
You are responsible for managing passwords for your organization. You protect all passwords with a one-way transformation, or hashing, before storing or transmitting them.
Implementation Strategies
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-171 Requirements (1)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-53 Controls (1)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.