CMMC Practice IA.2.081

Store and transmit only cryptographically-protected passwords.

Source

CMMC Version 1.02, pg. 135

Bold Coast Security Guidance

Most systems store password in this manner by default today. If, however, your organization is designing or building an application which supports authentication, be sure the security requirements include protecting passwords with a supported one-way hash. Never allow any system to store passwords in plain text files.

Discussion From Source

DRAFT NIST SP 800-171 R2 Cryptographically-protected passwords use salted one-way cryptographic hashes of passwords. See NIST Cryptographic Standards and Guidelines.

References