R130. Limit password lifespan
This document details the security requirements related to credentials for access to the organization's sensitive information. This requirement recommends that the system not allow passwords to have a lifespan of more than 30 days.
Passwords must be valid for a maximum of 30 days.
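One way to check this limit on a Linux host, as an added example that is not part of the original requirement. It assumes the shadow(5) file format and runs on constructed sample entries; the function name audit_shadow is hypothetical.

```python
from datetime import date

MAX_LIFESPAN_DAYS = 30  # limit stated by the requirement
EPOCH = date(1970, 1, 1)  # shadow(5) counts days from this date

# Constructed sample entries in shadow(5) format (assumed, not from the page):
# name:hash:last_change:min_age:max_age:warn:inactive:expire:reserved
SAMPLE = [
    "alice:$6$constructed:19894:0:30:7:::",
    "bob:$6$constructed:19804:0:99999:7:::",
    "carol:$6$constructed:19899:0:90:7:::",
    "erin:$6$constructed:19900:0::7:::",
    "svc:!:19000:0:99999:7:::",
]

def audit_shadow(lines, today):
    """Return {user: [findings]} for accounts that break the 30-day limit."""
    today_days = (today - EPOCH).days
    findings = {}
    for line in lines:
        fields = line.strip().split(":")
        if len(fields) < 5:
            continue  # blank or malformed line
        user, pw_hash, last_change, _min_age, max_age = fields[:5]
        if pw_hash[:1] in ("!", "*"):
            continue  # locked account: no usable password to age
        issues = []
        if not max_age.isdigit():
            issues.append("no maximum age set")
        elif int(max_age) > MAX_LIFESPAN_DAYS:
            issues.append(f"maximum age {max_age} exceeds {MAX_LIFESPAN_DAYS} days")
        # Only where the limit is not enforced: is the current password
        # already older than the limit? (last_change "0" = change at next login)
        if issues and last_change.isdigit() and last_change != "0":
            age = today_days - int(last_change)
            if age > MAX_LIFESPAN_DAYS:
                issues.append(f"current password is {age} days old")
        if issues:
            findings[user] = issues
    return findings

if __name__ == "__main__":
    for user, issues in audit_shadow(SAMPLE, date(2024, 6, 30)).items():
        print(user, "; ".join(issues))
```

Accounts whose maximum age is already 30 days or less are not reported for password age, because the system expires those passwords itself.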
CWE-263: Password Aging with Long Expiration. Allowing password aging to occur unchecked can result in the possibility of diminished password integrity.