A company-s AUP requires:
- Passwords must meet complexity requirements.
- Passwords are changed at least once every six months.
- Passwords must be at least eight characters long.
An auditor is reviewing the following report:
Which of the following controls should the auditor recommend to enforce the AUP?
A. Account lockout thresholds
B. Account recovery
C. Password expiration
D. Prohibit password reuse