Skip to content Skip to footer

CMMC and Passwords Guide

The Cybersecurity Maturity Model Certification (CMMC) is a cybersecurity compliance requirement that allows businesses to work with the Department of Defense. It adds an extra layer of security to protect sensitive data. It consists of five levels, with some businesses needing to work their way up. To read the entire document that lists the guidelines, visit this page.


How do you know which level your organization needs to comply with? The level is determined by how sensitive the data used for the contract is. Level 1 demonstrates fundamental cyber hygiene. If you work for a small DoD contracting company, you must adhere to these basic requirements such as using Braves$lake1! as your password instead of Password1!. Level 2 shifts your team from Level 1 to following the full compliance for NIST 800-171. If your company receives, processes, or creates CUI, then you will need to comply with Level 3 or above. The certification is valid for three years for levels 1-3. Levels 4 and 5 must be followed if your company handles “High Value Assets CUI.”

Where do passwords come in? No matter what level your organization falls under, you are still vulnerable to a data breach if you have weak password security.


Level 1 requires an authentication, such as a password, before logging into the organization’s information system.

Level 2 requires you to force minimum password complexity and change of characters when new passwords are created. It prohibits passwords being reused.


Level 3 requires multifactor authentication and disabling inactive user accounts or identifiers. Our nFront Account Disabler can help.

We ensure you have better passwords, often for less than 5% of the cost of your CMMC certification program. With the nFront Password Filter, you will have better security, and save time and money with your certification. Please contact us if you have any questions at [email protected]

Leave a comment