IA.2.078 Enforce a minimum password complexity and change of characters when new passwords are created.

CMMC Practice IA.2.078: Enforce a minimum password complexity and change of characters when new passwords are created.

Links to Publicly Available Resources

CMMC CLARIFICATION (Ref CMMC – Appendix B)

Password complexity means using different types of characters as well as a specified number of characters. These include numbers, lowercase and uppercase letters, and symbols. Define the lowest level of password complexity required. Enforce this rule for all passwords.