Which of the following parameters must be enforced for password-only authentication according to CIP-007 R5.5?

The requirement for password-only authentication under CIP-007 R5.5 emphasizes the importance of having strong password policies to enhance security. The standard mandates a minimum complexity requirement of three character types. This means that passwords must include a combination of uppercase letters, lowercase letters, numbers, and special characters.

This approach is designed to create stronger passwords that are harder to guess or crack, addressing vulnerabilities that may arise from simple or easily predictable passwords. By enforcing complexity requirements, the standard aims to mitigate risks associated with unauthorized access to critical infrastructure systems. Therefore, implementing a password policy that requires a mixture of at least three types of characters significantly bolsters the security of systems within the scope of the NERC CIP standards.