Security Catapult logo

Security Catapult

  • Pricing
  • CMMC Docs
    CMMC Overview & FAQ CMMC Level 1 Reference CMMC Level 2 Reference CMMC Level 3 Reference
  • Sign in
  • Sign up
  • Overview
  • Level 1
  • Level 2
  • Level 3

CMMC Domain IA Identification and Authentication

Closely tied to Access Control, this Domain contains practices to ensure that only the person assigned to a user account is the one using it.

IA.L2-3.5.11
Obscure feedback of authentication information.
IA.L2-3.5.6
Disable identifiers after a defined period of inactivity.
IA.L1-3.5.1
Identify information system users, processes acting on behalf of users, or devices.
IA.L1-3.5.2
Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems.
IA.L2-3.5.3
Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts.
IA.L2-3.5.4
Employ replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts.
IA.L2-3.5.5
Prevent the reuse of identifiers for a defined period.
IA.L2-3.5.7
Enforce a minimum password complexity and change of characters when new passwords are created.
IA.L2-3.5.8
Prohibit password reuse for a specified number of generations.
IA.L2-3.5.9
Allow temporary password use for system logons with an immediate change to a permanent password.
IA.L2-3.5.10
Store and transmit only cryptographically-protected passwords.
Security Catapult logo
Site
  • Pricing
  • Sign in
  • Sign up
CMMC Docs
  • Maturity Level 1
  • Maturity Level 2
  • Maturity Level 3
SPRS and NIST
  • Get your SPRS score
About
  • Assessments
  • Security Advisors
  • Terms of Use
  • Privacy Policy
© 2022 Security Catapult, Inc. All Rights Reserved.
Contact Us

Sign up for Free 30 day trial or enter your email address below and we'll get in touch.

We respect your privacy and will not remarket your information.