policyCategoryAuthentication policyContent (policyAttributeFailedAuthentications < policyAttributeMaximumFailedAuthentications) OR (policyAttributeCurrentTime > (policyAttributeLastFailedAuthenticationTime + autoEnableInSeconds)) policyIdentifier Authentication Lockout policyParameters autoEnableInSeconds 300 policyAttributeMaximumFailedAuthentications 3 policyContent policyAttributeLastAuthenticationTime > policyAttributeCurrentTime - (policyAttributeInactiveDays * 24 * 60 * 60) policyIdentifier Inactive Account policyParameters policyAttributeInactiveDays 35 policyCategoryPasswordChange policyContent policyAttributeCurrentTime > policyAttributeLastPasswordChangeTime + (policyAttributeExpiresEveryNDays * 24 * 60 * 60) policyIdentifier Password Expires after 60 days policyParameters policyAttributeExpiresEveryNDays 60 policyCategoryPasswordContent policyContent policyAttributePassword matches '(.*[A-Z].*){1,}+' policyIdentifier Must have at least 1 uppercase letter policyParameters minimumAlphaCharactersUpperCase 1 policyContent policyAttributeLastPasswordChangeTime < policyAttributeCurrentTime - (policyAttributeMinimumLifetimeHours * 60 * 60) policyIdentifier Minimum Password Lifetime policyParameters policyAttributeMinimumLifetimeHours 24 policyContent policyAttributePassword matches '.{15,}+' policyIdentifier Must be at least 15 characters policyParameters minimumLength 15 policyContent policyAttributePassword matches '(.*[0-9].*){1,}+' policyIdentifier Must have at least 1 numeric value policyParameters minimumNumericCharacters 2 policyContent policyAttributePassword matches '(.*[a-z].*){1,}+' policyIdentifier Must have at least 1 lowercase letter policyParameters minimumAlphaCharactersLowerCase 1 policyContent policyAttributePassword matches '(.*[A-Z].*){1,}+' policyIdentifier Must have at least 1 uppercase letter policyParameters minimumAlphaCharacters 1 policyContent policyAttributePassword matches '(.*[^a-zA-Z0-9].*){1,}+' policyIdentifier Must have at least 1 special characters policyParameters minimumSymbols 1 policyContent none policyAttributePasswordHashes in policyAttributePasswordHistory policyIdentifier Cannot match the last 5 passwords policyParameters policyAttributePasswordHistoryDepth 5