CMMC Practice IA.L2-3.5.10

Store and transmit only cryptographically-protected passwords.

Bold Coast Security Guidance

Most systems store password in this manner by default today. If, however, your organization is designing or building an application which supports authentication, be sure the security requirements include protecting passwords with a supported one-way hash. Never allow any system to store passwords in plain text files.

Discussion From Source

DRAFT NIST SP 800-171 R2 Cryptographically-protected passwords use salted one-way cryptographic hashes of passwords. See NIST Cryptographic Standards and Guidelines.

References