A company’s AUP requires:
Passwords must meet complexity requirements.
Passwords are changed at least once every six months.
Passwords must be at least eight characters long.
An auditor is reviewing the following report:
Which of the following controls should the auditor recommend to enforce the AUP?
A. Account lockout thresholds
B. Account recovery
C. Password expiration
D. Prohibit password reuse