IA.L2-3.5.9 Temporary Passwords

CMMC Practice IA.L2-3.5.9 – Temporary Passwords: Allow temporary password use for system logons with an immediate change to a permanent password.

Links to Publicly Available Resources

Discussion [NIST SP 800-171 R2]
Changing temporary passwords to permanent passwords immediately after system logon ensures that the necessary strength of the authentication mechanism is implemented at the earliest opportunity, reducing the susceptibility to authenticator compromises.

Further Discussion
Users must change their temporary passwords the first time they log in. Temporary passwords often follow a consistent style within an organization and can be more easily guessed than passwords created by the unique user. This approach to temporary passwords should be avoided.