A company`s AUP requires: ✑ Passwords must meet complexity requirements. ✑ Passwords are changed at least once every six months. ✑ Passwords must be at least eight characters long. An auditor is reviewing the following report: 

Which of the following controls should the auditor recommend to enforce the AUP? 

Answer options:

A. Account lockout thresholds
B. Account recovery
C. Password expiration
D. Prohibit password reuse

C