The CFATS RBPS Metric 8.2.5, Password Management standard includes the following recommendations (choose all that apply).
1. Use strong passwords with numbers and upper and lower case letters
2. Monitor application contents (either via deep packet inspection via IPS or deep session inspection via an Application Monitor) for instances of weak passwords or known default passwords.
3. Implement a centralized authentication system (Active Directory or a Commercial IAM) to track user authentication requirements.
4. Change privileged account passwords at least once every 30 days