Information
The vCenter Server must be configured with an appropriate maximum password age. Modern best practices for passwords (NIST 800-63B Section 5.1.1.2, among other guidance) indicates that with adequate password entropy, security is not improved by arbitrarily requiring users to change their passwords at certain intervals. Many automated security tools and regulatory compliance frameworks do not reflect this guidance, and may override this recommendation.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Get-SsoPasswordPolicy | Set-SsoPasswordPolicy -PasswordLifetimeDays 9999