CMMC Domain IA Identification and Authentication

Closely tied to Access Control, this Domain contains practices to ensure that only the person assigned to a user account is the one using it.

IA.L2-3.5.11: Obscure feedback of authentication information.
IA.L2-3.5.6: Disable identifiers after a defined period of inactivity.
IA.L1-3.5.1: Identify information system users, processes acting on behalf of users, or devices.
IA.L1-3.5.2: Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems.
IA.L2-3.5.3: Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts.
IA.L2-3.5.4: Employ replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts.
IA.L2-3.5.5: Prevent the reuse of identifiers for a defined period.
IA.L2-3.5.7: Enforce a minimum password complexity and change of characters when new passwords are created.
IA.L2-3.5.8: Prohibit password reuse for a specified number of generations.
IA.L2-3.5.9: Allow temporary password use for system logons with an immediate change to a permanent password.
IA.L2-3.5.10: Store and transmit only cryptographically-protected passwords.