Which policy provides guidelines for implementing strong password protection on organizational resources?

A password policy defines the rules and standards for creating, using, and protecting passwords across an organization. It sets expectations for password length and complexity, how often passwords must be changed, whether reuse is allowed, and how passwords should be stored and managed. It may also specify account lockout rules and when multi-factor authentication should be used. By establishing these guidelines, the policy provides a clear, consistent baseline that reduces the risk of credential theft and unauthorized access to resources. Other policies focus on different areas, such as how systems connect to networks, what users may and may not do with resources, or protections for email. They don’t lay out the password-specific protections needed to safeguard organizational resources, so they aren’t the best fit for this question.