IA.L2-3.5.6[b] – Examine system configurations to ensure that passwords are changed when required.

This objective ensures that your systems are technically configured and operationally aligned to enforce password changes when conditions defined in IA.L2-3.5.6[a] are met. It validates that password change procedures are not just defined, but actually triggered and enforced during relevant events.