CMS sets the criteria for frequency of password resets and the characters that are required for password resets. These requirements are part of the Acceptable Risk Safeguards (ARS) which is a component of the National Institute of Standardized Technology (NIST).
- Password is case sensitive.
- Must be at least 8 characters long.
- Must be no more than 50 characters long.
- Must include at least 1 number.
- Must have at least 1 symbol (non-letter or number) character.
- Must have at least 1 lowercase letter.
- Must have at least 1 uppercase letter.
- Can be changed no more often than once every 1 day.
- New password may not have been used previously.
- New passwords must contain at least four different characters than previous password.
- CMS requires passwords be changed every 60 days
- Keep record of security answers to use the self-service rest password/unlock account feature
- Be sure to clear your cookies/cache, close all browser windows and open a new one before you log in
- Never save your NMP password in your browser
For Questions Relating to Multi-Factor Authentication (MFA), visit the MFA page on the Portal Guide.