NIST 800-171 R-3.5.9
Require Immediate Change of Temporary Passwords
Official citation: 3.5.9
Class: core · Severity: low
Statement of the obligation — verify against source
3.5.9
What it means
Allow a temporary password for an initial logon but require an immediate change to a permanent one. Switching right away ensures the full strength of the authentication mechanism is in place at the earliest opportunity, reducing the window for compromise.
Educational reference only — not legal advice. Consult a qualified assessor or attorney for binding compliance determinations.