CMMC Domain IA Identification and Authentication

Closely tied to Access Control, this Domain contains practices to ensure that only the person assigned to a user account is the one using it.

IA.3.083: Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts.
IA.3.086: Disable identifiers after a defined period of inactivity.
IA.2.080: Allow temporary password use for system logons with an immediate change to a permanent password.
IA.2.079: Prohibit password reuse for a specified number of generations.
IA.2.078: Enforce a minimum password complexity and change of characters when new passwords are created.
IA.3.084: Employ replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts.
IA.1.076: Identify information system users, processes acting on behalf of users, or devices.
IA.1.077: Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems.
IA.3.085: Prevent the reuse of identifiers for a defined period.
IA.2.081: Store and transmit only cryptographically-protected passwords.
IA.2.082: Obscure feedback of authentication information.