CMMC Requirement IA.L2-3.5.9 – Temporary Passwords: Allow temporary password use for system logons with an immediate change to a permanent password.
Related Resources
A consolidated list of default passwords for commercial software and hardware products.
The CMMC Level 2 Assessment Guide, which provides guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments at Level 2.
A code example showing how to set the "User must change password at next logon" option on an account.
Guidance for the Identification and Authentication (IA) domain, including a table of links to step-by-step content for accomplishing each practice.
The OWASP test for username enumeration, whose scope is to verify whether a set of valid usernames can be collected by interacting with the application's authentication mechanism.
The OWASP test for default credentials, which describes how to test web applications for default credentials.
An article on auditing user accounts and setting guidelines for password expiration and change frequency; its examples use the chage command.
A SANS guideline with best practices for creating secure passwords.
A sample password protection policy from SANS.
A SANS whitepaper on vendor-supplied passwords embedded in software and hardware.
A US-CERT alert reviewing the risk of default passwords on internet-connected systems.
A blog post on NIST SP 800-171 control 3.5.9, from the Identification and Authentication family.
Changing temporary passwords to permanent passwords immediately after system logon ensures that the necessary strength of the authentication mechanism is implemented at the earliest opportunity, reducing the susceptibility to authenticator compromises.
Further Discussion
Users must change their temporary passwords the first time they log in. Temporary passwords are often generated in a consistent, predictable pattern within an organization, so they are easier to guess than a password the individual user chooses; patterned temporary passwords should be avoided, and forcing the change at first logon limits how long any temporary password remains usable. When assessing this practice, confirm that newly provisioned accounts actually carry the "change at next logon" flag, not just that the policy says they should.
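The following shell script is an added example for this page, not code from the CMMC guide or any of the linked resources. It shows the Linux side of the check described above: the third field of an /etc/shadow record holds the day of the last password change, and a value of 0 is what `chage -d 0 USER` (or `passwd -e USER`) writes to force a new password at the next logon. The sample shadow records, the usernames, and the function names are constructed for the example; the hashes are placeholders.

```sh
#!/bin/sh
# Added example (not from the CMMC source): audit which newly provisioned
# Linux accounts will be forced to replace their temporary password at first
# logon, and show the command that sets that flag.
#
# Field 3 of a shadow record is "days since 1970-01-01 of the last password
# change". A value of 0 makes login/sshd (via PAM) reject the next logon until
# the user sets a new password, which is what IA.L2-3.5.9 requires.

# Constructed sample shadow records for this example; the hashes are
# placeholders, not real password hashes.
SAMPLE_SHADOW='newhire1:$6$placeholder1:0:0:90:7:::
newhire2:$6$placeholder2:19800:0:90:7:::
contractor1:$6$placeholder3:19801:0:90:7:::
root:$6$placeholder4:19650:0:99999:7:::'

# Exit 0 if the record forces a password change at next login (field 3 == 0),
# 1 if it does not, 2 if the record has no third field.
shadow_forces_change() {
    lastchg=$(printf '%s\n' "$1" | cut -d: -f3)
    if [ -z "$lastchg" ]; then
        return 2
    elif [ "$lastchg" = "0" ]; then
        return 0
    else
        return 1
    fi
}

# $1: space-separated usernames that were just provisioned with temporary
# passwords; shadow data on stdin. Prints each account that is NOT flagged for
# a forced change. Exit 0 when every listed account is flagged, 1 otherwise.
unflagged_temp_accounts() {
    users="$1"
    shadow=$(cat)
    rc=0
    for u in $users; do
        rec=$(printf '%s\n' "$shadow" | grep "^$u:" || true)
        if [ -z "$rec" ]; then
            printf '%s (no shadow record)\n' "$u"
            rc=1
        elif ! shadow_forces_change "$rec"; then
            printf '%s\n' "$u"
            rc=1
        fi
    done
    return $rc
}

# Remediation for one account: set the last-change day to 0. Requires root
# because chage rewrites /etc/shadow.
force_change_at_next_login() {
    chage -d 0 "$1"
}

# Usage against the constructed sample. On a real host, replace SAMPLE_SHADOW
# with: sudo cat /etc/shadow | unflagged_temp_accounts "user1 user2"
if printf '%s\n' "$SAMPLE_SHADOW" | unflagged_temp_accounts "newhire1 newhire2 contractor1"; then
    echo "all provisioned accounts are flagged for a forced change"
else
    echo "the accounts above still carry a usable temporary password"
fi
```

Run as a non-root user the audit works on any copy of the shadow data you have read access to; only `force_change_at_next_login` needs root. The audit deliberately takes the list of provisioned accounts as input rather than guessing from the shadow file, because nothing in /etc/shadow distinguishes a temporary password from a permanent one; the flag is the only evidence the control is in place.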
