The "maximum password age" policy should meet minimum requirements.
number of days
via /etc/login.defs
Section: 2.3.1.7, Value: 180
CCE-U-8
oval:gov.nist.usgcb.rhel:def:20073
HIPAA/HITECH Act
Jericho Forum
BITS Shared Assessments SIG v6.0
FedRAMP Security Controls(Final Release Jan 2012)--LOW IMPACT LEVEL--
ISO/IEC 27001-2005
COBIT 4.1
GAPP (Aug 2009)
NERC CIP
NIST SP800-53 R3 AC-3
NIST SP800-53 R3 CM-6
NIST SP800-53 R3 CM-7
NIST SP800-53 R3 IA-5
NIST SP800-53 R3 SC-5
PCIDSS v2.0
FedRAMP Security Controls(Final Release Jan 2012)--MODERATE IMPACT LEVEL--
BITS Shared Assessments AUP v5.0
Guide to the Secure Configuration of Red Hat Enterprise Linux 5
NSA
2007-10-31
Prose(pdf)
Draft 2 of CCE candidates for Unix configuration issues
CCE
2007-11-07
Draft 2
MITRE
Spreadsheet(excel)
SCAP Repo OVAL Definition
2012-08-24
HIPAA/HITECH Act
2012-10-12
Jericho Forum
2012-10-12
BITS Shared Assessments SIG v6.0
2012-10-12
ISO/IEC 27001-2005
2012-10-12
COBIT 4.1
2012-10-12
GAPP (Aug 2009)
2012-10-12
NERC CIP
2012-10-12
NIST SP800-53 R3
2012-10-12
PCIDSS v2.0
2012-10-12
BITS Shared Assessments AUP v5.0
2012-10-12