
So does this mean they also changed the guidelines in the SSPA? This is their security framework / certification for vendors doing business with Microsoft.

Also, NIST dropped password complexity requirements. The only hard requirement is that it must be 8 characters or more. The new guidelines are to let users choose their own level of complexity and encourage them to make longer passwords that they can actually remember.

We would like to follow NIST 800-53, but too many customers (like Microsoft) still do not allow for the 2016 NIST changes.


