Organizations can use this policy to protect critical systems and assets against physical and cyber threats. 

Sample procedures include: the user logs on with their setup password, the system forces the user to change their setup password, the user changes their password following company password parameters, the system confirms the password change, passwords must be updated every 90 days, passwords must be at least seven characters of any value, passwords may be issued for a minimum period of one day, and passwords must be unique in some variation five times before a previously used password may be valid.