AC.L2-3.5.7[c] — Identification & Authentication (Password Complexity)
Domain: IA | Practice: IA.L2-3.5.7 | Objective ID: 3.5.7[c] | Source: NIST SP 800-171 Rev. 2 / CMMC 2.0 Level 2
Assessment Objective: Passwords are checked against a list of commonly used, expected, or compromised passwords.
Screen new passwords against breach databases and common password lists to prevent users from selecting known-compromised credentials. This validates password quality during creation and change operations.