The "Maximum password age" setting should be configured correctly. [999_max_days] (1) Computer Configuration/Windows Settings/Security Settings/Account Policies/Password Policy (Settings included in Domain Policies) oval:org.secpod.oval:def:7702 BITS Shared Assessments SIG v6.0 Jericho Forum HIPAA/HITECH Act FedRAMP Security Controls(Final Release Jan 2012)--LOW IMPACT LEVEL-- ISO/IEC 27001-2005 COBIT 4.1 GAPP (Aug 2009) NERC CIP NIST SP800-53 R3 AC-3 NIST SP800-53 R3 CM-6 NIST SP800-53 R3 CM-7 NIST SP800-53 R3 IA-5 NIST SP800-53 R3 SC-5 PCIDSS v2.0 FedRAMP Security Controls(Final Release Jan 2012)--MODERATE IMPACT LEVEL-- BITS Shared Assessments AUP v5.0 SCAP Repo OVAL Definition 2012-10-30 BITS Shared Assessments SIG v6.0 2012-10-12 Jericho Forum 2012-10-12 HIPAA/HITECH Act 2012-10-12 ISO/IEC 27001-2005 2012-10-12 COBIT 4.1 2012-10-12 GAPP (Aug 2009) 2012-10-12 NERC CIP 2012-10-12 NIST SP800-53 R3 2012-10-12 PCIDSS v2.0 2012-10-12 BITS Shared Assessments AUP v5.0 2012-10-12