AC.L2-3.5.7[b] — Identification & Authentication (Password Complexity)
Domain: IA | Practice: IA.L2-3.5.7 | Objective ID: 3.5.7[b] | Source: NIST SP 800-171 Rev. 2 / CMMC 2.0 Level 2
Assessment Objective: Password complexity requirements are enforced when new passwords are created or changed.
Configure systems to technically enforce password requirements at creation and change time. Check new passwords against known-compromised-password lists when feasible. For organizations that handle CUI, this objective is critical to identity and access security.