NIST SP 800-171 & CMMC 2.0 3.5.9 Requirement:

Allow temporary password use for system logons with an immediate change to a permanent password.

NIST SP 800-171 & CMMC 2.0 3.5.9 Requirement Explanation:

Temporary passwords often follow a consistent style (e.g., ChangeMe2020!), this means that they can be more easily guessed by an attacker. If users are forced to change their password upon receiving a temporary one you can reduce this risk. For added security you can provide employees with a randomly generated password when they request a password reset.

Example NIST SP 800-171 & CMMC 2.0 3.5.9 Implementation:

When providing a temporary password to a user, set their account to require a password reset upon login. An example of when this will need to be done is when providing a password to a new employee or when an employee requests a password reset.

NIST SP 800-171 & CMMC 2.0 3.5.9 Scenario(s):

- Scenario 1:

John has requested a new password. Alice resets his password and sets his account to require a new password upon login. Alice provides John with the password, when John logs in he is required to set a new one.
 

Quick & Simple

Discover Our Cybersecurity Compliance Solutions:

Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you

 CMMC Level 1 Compliance App

CMMC Level 1 Compliance

Become compliant, provide compliance services, or verify partner compliance with CMMC Level 1 Basic Safeguarding of Covered Contractor Information Systems requirements.
 NIST SP 800-171 & CMMC Level 2 Compliance App

NIST SP 800-171 & CMMC Level 2 Compliance

Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC Level 2 requirements.
 HIPAA Compliance App

HIPAA Compliance

Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
 ISO 27001 Compliance App

ISO 27001 Compliance

Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.
 FAR 52.204-21 Compliance App

FAR 52.204-21 Compliance

Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.