IA.L2-3.5.1[b] – Examine system accounts to ensure passwords are required for authenticating to systems.

This objective ensures that all system accounts identified as password-based (in IA.L2-3.5.1[a]) are actually configured to require a password when accessing systems that store, process, or transmit Controlled Unclassified Information (CUI). It validates that password authentication is technically enforced.