A.9.4.3 Password Management System

It is a good security practice to change user passwords every 30 to 90 days., it ensures intruders cannot enter into the IT infrastructure. Administrators must identify and review all the mentioned password change events. For example, Windows platforms generate events with the ID of 4723 and 4724 for password change attempts.