CMMC Practice IA.L2-3.5.10

Cryptographically-Protected Passwords: Store and transmit only cryptographically-protected passwords.

Monarch ISC Guidance

Most systems store password in this manner by default today. If, however, your organization is designing or building an application which supports authentication, be sure the security requirements include protecting passwords with a supported one-way hash. Never allow any system to store passwords in plain text files.

Discussion From Source

NIST SP 800-171 R2 Cryptographically-protected passwords use salted one-way cryptographic hashes of passwords. See NIST Cryptographic Standards and Guidelines.

References