CMMC Practice IA.2.078: Enforce a minimum password complexity and change of characters when new passwords are created.
CMMC CLARIFICATION (Ref CMMC – Appendix B)
Password complexity means using different types of characters as well as a specified number of characters. These include numbers, lowercase and uppercase letters, and symbols. Define the lowest level of password complexity required. Enforce this rule for all passwords.