Defines the frequency for updating commonly used, expected, or compromised passwords, when they are suspected of being compromised directly or indirectly.
No STIG checks reference this CCI.