You have been hired to assess an OSC's implementation of secure password storage and transmission mechanisms. The OSC uses a popular identity and access management (IAM) solution from a reputable vendor to manage user authentication across their systems. During the assessment, you examine the IAM solution's configuration and documentation, which indicate that passwords are hashed using industry-standard algorithms like SHA-256 or bcrypt before being stored in the system's database. Additionally, the IAM solution leverages TLS encryption for all communications, ensuring that passwords are transmitted securely over the network. Based on the information provided, how would you assess the OSC's compliance with CMMC practice IA.L2-3.5.10 – Cryptographically-Protected Passwords, which requires organizations to store and transmit only cryptographically protected passwords?
Submit