
IA.2.079

Content

Control Acronym

IA

Family

Identification And Authentication

CMMC Level

2

800-171 Control #

3.5.8

CMMC Description

Prohibit password reuse for a specified number of generations.

CMMC Clarification

Individuals may not reuse passwords for a defined period of time and a set number of passwords generated.

Example: You are in charge of setting your organization’s password rules. You define how often individuals can reuse their passwords and the minimum number of password generations before reuse. Using new passwords helps provide increased network security.

800-171 Description

Prohibit password reuse for a specified number of generations.

800-171 Discussion

Password lifetime restrictions do not apply to temporary passwords.

Other Source Discussion

N/A

CIS Control References

CIS Controls v7.1 4.2, 4.4

NIST 800-53 Control Ref.

NIST SP 800-53 Rev 4 IA-5(1)

CMMC Derived

NIST CSF Control References

NIST 800-171 References

NIST SP 800-171 Rev 1 3.5.8

Applicable FAR Clause

NIST CSF Control Reference

NIST CSF v1.1 PR.AC-1, PR.AC-6, PR.AC-7

CERT RMM Reference

Modification of NIST 800-171B Reference

NIST 800-171B Reference

UK NCSC Cyber Reference

AS ACSC Reference

Sub-Criteria

Assessment Sub-Criteria 1

IA.2.079.[a] the number of generations during which a password cannot be reused is specified; and

Assessment Sub-Criteria 2

IA.2.079.[b] reuse of passwords is prohibited during the specified number of generations.
