3.5
Identification and Authentication
11 controls · 4 weighted 5 points · NIST SP 800-171 Rev 2
3.5.1Identify system users, processes, and devices5 points
3.5.2Authenticate users, processes, and devices as a prerequisite to access5 points
3.5.3Use multifactor authentication for privileged and network accessUp to 5 points (conditional)
3.5.4Employ replay-resistant authentication mechanisms1 point
3.5.5Prevent reuse of identifiers for a defined period1 point
3.5.6Disable identifiers after a defined period of inactivity1 point
3.5.7Enforce minimum password complexity and change of characters1 point
3.5.8Prohibit password reuse for a specified number of generations1 point
3.5.9Allow temporary password use with immediate change to permanent1 point
3.5.10Store and transmit only cryptographically-protected passwords5 points
3.5.11Obscure feedback of authentication information1 point
Estimate your SPRS score in 2 minutes
15 quick questions across the highest-impact controls — instant estimate, no signup.
Estimate my SPRS score →Source: NIST SP 800-171 Rev 2 (public domain) · SPRS weighting per the DoD Assessment Methodology