CMMC Practice IA.L2-3.5.10 – Cryptographically-Protected Passwords: Store and transmit only cryptographically-protected passwords.
Links to Publicly Available Resources
Discussion [NIST SP 800-171 R2]
Cryptographically-protected passwords use salted one-way cryptographic hashes of passwords.
See NIST Cryptographic Standards and Guidelines.
All passwords must be cryptographically protected using a one-way function for storage and transmission. This type of protection changes passwords into another form, or a hashed password. A one-way transformation makes it theoretically impossible to turn the hashed password back into the original password, but inadequate complexity (IA.L2-3.5.7) may still facilitate offline cracking of hashes.