Comment by rjgray
ISO 27001 doesn't say this. The control implementation guidance (ISO 27002) specifically cautions against requiring frequent password changes.
ISO 27001 doesn't say this. The control implementation guidance (ISO 27002) specifically cautions against requiring frequent password changes.