CMMC Practice IA.2.079

Prohibit password reuse for a specified number of generations.

Source

CMMC Version 1.02, pg. 133

Bold Coast Security Guidance

You will probably define a policy requiring users to change their password every so often. This particular practice dis-allows reuse of passwords, usually set to 10 past passwords. The system will remember those 10 previous password hashes and make sure the user does no reuse an old password. It is interesting that the "Discussion" for the practice states the requirement does not apply to temporary passwords. We strongly suggest using unique temporary passwords which meet your complexity requirements. Accounts are often created for new employees ahead of time, and when those new hires do not show up for their first day for whatever reason, you have an account on your network for which everyone knows the password!

Discussion From Source

DRAFT NIST SP 800-171 R2 Password lifetime restrictions do not apply to temporary passwords.

References