NIST 800-171 R-3.5.7
Enforce Password Complexity
Official citation: 3.5.7
Class: core · Severity: medium
Statement of the obligation — verify against source
3.5.7
What it means
Enforce a minimum password complexity and require a set number of characters to change when a new password is created. This applies to passwords used for single-factor authentication and as part of multifactor authenticators; salting passwords can further blunt certain brute-force attacks.
Educational reference only — not legal advice. Consult a qualified assessor or attorney for binding compliance determinations.