History

Priority

must

2010

Agencies must:• ensure passwords are changed at least every 90 days• prevent system users from changing their password more than once a day• check passwords for compliance with their password selection policy where the system cannot beconfigured to enforce complexity requirements• force the system user to change an expired password on initial logon or if reset.