CMMC 1.0 Practice IA.2.081 Requirement:
Store and transmit only cryptographically protected passwords.
CMMC 1.0 IA.2.081 Requirement Explanation:
If an attacker gets a hold of an unencrypted password he can gain access to your systems. By storing them as a one way hash it is more difficult for an attacker to use them.
Example CMMC 1.0 IA.2.081 Implementation:
Ensure that your passwords are stored on your systems using a "one-way hash". Many systems such as Active Directory do this be default. Confirm that your systems are in fact storing your password cryptographically.
CMMC 1.0 IA.2.081 Scenario(s):
- Scenario 1:
Your company's systems use active directory for authentication. Active directory stores passwords as one-way hashes and transmits them in an encrypted format.
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
CMMC Level 1 Compliance
Become compliant, provide compliance services, or verify partner compliance with CMMC Level 1 Basic Safeguarding of Covered Contractor Information Systems requirements.
NIST SP 800-171 & CMMC Level 2 Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC Level 2 requirements.
HIPAA Compliance
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.