IA.2.080

Control Acronym

IA

Family

Identification And Authentication

CMMC Level

2

800-171 Control #

3.5.9

CMMC Description

Allow temporary password use for system logons with an immediate change to a permanent password.

CMMC Clarification

Users must change their temporary passwords the first time they log in. Temporary passwords usually follow a consistent style within an organization and can be more easily guessed than passwords created by the unique user. Example You are in charge of setting temporary passwords for your users. Users must change their temporary passwords to a permanent password the first time they log in.

800-171 Description

Allow temporary password use for system logons with an immediate change to a permanent password.

800-171 Discussion

Changing temporary passwords to permanent passwords immediately after system logon ensures that the necessary strength of the authentication mechanism is implemented at the earliest opportunity, reducing the susceptibility to authenticator compromises.

Other Source Discussion

N/A

CIS Control References

NIST 800-53 Control Ref.

NIST SP 800-53 Rev 4 IA-5(1)

CMMC Derived

NIST CSF Control References

NIST 800-171 References

NIST SP 800-171 Rev 1 3.5.9

Applicable FAR Clause

NIST CSF Control Reference

NIST CSF v1.1 PR.AC-1, PR.AC-6, PR.AC-7

CERT RMM Reference

Modification of NIST 800-171B Reference

NIST 800-171B Reference

UK NCSCCyber Reference

AS ACSC Reference

Assessment Sub-Criteria 1

IA.2.080.[a] an immediate change to a permanent password is required when a temporary password is used for system logon.

Assessment Sub-Criteria 2

Assessment Sub-Criteria 3

Assessment Sub-Criteria 4

Assessment Sub-Criteria 5

Assessment Sub-Criteria 6

Assessment Sub-Criteria 7

Assessment Sub-Criteria 8

Assessment Sub-Criteria 9

Assessment Sub-Criteria 10

Assessment Sub-Criteria 11

Assessment Sub-Criteria 12

Assessment Sub-Criteria 13

Assessment Sub-Criteria 14

Assessment Sub-Criteria 15