NIST 800-171 R-3.5.2
Authenticate Users, Processes, and Devices
Official citation: 3.5.2
Class: core · Severity: critical
Statement of the obligation — verify against source
3.5.2
What it means
Verify the identity of users, processes, and devices before granting access. Manage authenticators — passwords, key cards, cryptographic or one-time-password devices, certificates — with rules for characteristics like minimum password length and the issuing and revoking of temporary credentials. Always change well-known factory-default credentials before putting a component into use, since they are a significant risk.
Educational reference only — not legal advice. Consult a qualified assessor or attorney for binding compliance determinations.