This objective requires your organization to clearly define when a password must be changed, whether due to potential compromise, account misuse, or changes in user access. It focuses on outlining the conditions or triggers that prompt password updates to maintain account security.