CMMC IA.2.079 - Prohibit Password Reuse

Requirement text: IA.2.079: Prohibit password reuse for a specified number of generations.

DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2
Password lifetime restrictions do not apply to temporary passwords.

CMMC CLARIFICATION
Individuals may not reuse passwords for a defined period of time and a set number of
passwords generated.

Example
You are in charge of setting your organization’s password rules. You define how often
individuals can reuse their passwords and the minimum number of password generations
before reuse. Using new passwords helps provide increased network security.
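
One way to enforce both parts of the rule (a number of generations and a period of time) in an application that stores its own credentials. This is an added example, not part of the CMMC or NIST text; the `PasswordHistory` class, its default policy values and the PBKDF2 parameters are assumptions.

```python
import hashlib
import hmac
import os
import time

DAY = 24 * 3600


class PasswordHistory:
    """One user's salted password hashes, newest first (hypothetical helper)."""

    # Default policy values are assumptions; use your organization's rules.
    def __init__(self, generations=5, reuse_period=365 * DAY, iterations=200_000):
        self.generations = generations    # remembered password generations
        self.reuse_period = reuse_period  # seconds a retired password stays blocked
        self.iterations = iterations      # PBKDF2-HMAC-SHA256 work factor
        self.entries = []                 # (set_at, salt, digest); [0] is current

    def _digest(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, self.iterations)

    def _blocked(self, index, now):
        # A password is retired when its successor was set. It stays blocked
        # while it is within the last `generations` or was retired too recently.
        retired_at = self.entries[index - 1][0] if index else now
        return index < self.generations or now - retired_at < self.reuse_period

    def is_reused(self, candidate, now):
        # Every entry has its own salt, so the candidate is re-hashed per entry.
        return any(
            self._blocked(i, now)
            and hmac.compare_digest(self._digest(candidate, salt), digest)
            for i, (_, salt, digest) in enumerate(self.entries)
        )

    def change(self, candidate, now=None):
        """Store the new password; return False if the policy forbids it."""
        now = time.time() if now is None else now
        if self.is_reused(candidate, now):
            return False
        salt = os.urandom(16)
        self.entries.insert(0, (now, salt, self._digest(candidate, salt)))
        # Drop entries that no longer block anything.
        self.entries = [e for i, e in enumerate(self.entries) if self._blocked(i, now)]
        return True
```

The time period matters because a generation count alone can be defeated by changing the password several times in a row to cycle back to the old one; here a retired password stays blocked until both conditions have lapsed.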

References
• NIST SP 800-171 Rev 1 3.5.8
• CIS Controls v7.1 4.2, 4.4
• NIST CSF v1.1 PR.AC-1, PR.AC-6, PR.AC-7
• NIST SP 800-53 Rev 4 IA-5(1)