AC.L2-3.5.8[a] — Identification & Authentication (Password Reuse)
Domain: IA | Practice: IA.L2-3.5.8 | Objective ID: 3.5.8[a] | Source: NIST SP 800-171 Rev. 2 / CMMC 2.0 Level 2
Assessment Objective: The number of generations before a password can be reused is specified.
Define the password history enforcement count (e.g., remember last 24 passwords) to prevent users from cycling back to familiar, potentially compromised passwords.