NIST 800-53 REV 5 • IDENTIFICATION AND AUTHENTICATION
IA-5(4) — Automated Support for Password Strength Determination
CMMC Practice Mapping
No direct CMMC mapping
NIST 800-171 Mapping
No direct NIST 800-171 mapping
Related Controls
No related controls listed
Practitioner Notes
This enhancement requires automated tools to check password strength — the system should reject weak passwords automatically, not rely on users to choose strong ones.
Example 1: Enable Azure AD Password Protection to automatically block passwords that contain dictionary words, repeated characters, or patterns found in breach databases.
Example 2: Configure your Linux PAM password quality module (pam_pwquality) to enforce minimum length, character diversity, and dictionary word checks at password change time.
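For Example 2, one way to verify the result is to audit the pwquality.conf file that pam_pwquality reads. The script below is an added example, not part of the control text. Its thresholds (minimum length 14, three character classes), the function names, and the sample file are assumptions, and it reads a single file rather than any drop-in directory.

```shell
#!/bin/sh
# Audit a pwquality.conf for minimum length, character diversity and dictionary checks.
# Thresholds are assumptions for this example, not values stated by IA-5(4).
REQ_MINLEN=${REQ_MINLEN:-14}
REQ_MINCLASS=${REQ_MINCLASS:-3}

# get_setting FILE KEY FALLBACK: value of the last uncommented "KEY = value" line.
get_setting() {
    val=$(sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# audit_pwquality FILE: prints one line per finding and returns the finding count.
audit_pwquality() {
    findings=0
    minlen=$(get_setting "$1" minlen 0)      # unset is treated as 0 so it gets flagged
    minclass=$(get_setting "$1" minclass 0)
    dictcheck=$(get_setting "$1" dictcheck 1)
    enforcing=$(get_setting "$1" enforcing 1)
    case $minlen in ''|*[!0-9]*) minlen=0 ;; esac      # non-numeric counts as unset
    case $minclass in ''|*[!0-9]*) minclass=0 ;; esac
    if [ "$minlen" -lt "$REQ_MINLEN" ]; then
        echo "FAIL minlen=$minlen (want >= $REQ_MINLEN)"; findings=$((findings + 1))
    fi
    if [ "$minclass" -lt "$REQ_MINCLASS" ]; then
        echo "FAIL minclass=$minclass (want >= $REQ_MINCLASS)"; findings=$((findings + 1))
    fi
    if [ "$dictcheck" = "0" ]; then
        echo "FAIL dictcheck=0 (dictionary check disabled)"; findings=$((findings + 1))
    fi
    if [ "$enforcing" = "0" ]; then
        echo "FAIL enforcing=0 (weak passwords are warned about, not rejected)"; findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample input (not from a real host): a weak configuration.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# minlen = 14
minlen = 8
dictcheck = 0
enforcing = 0
EOF
audit_pwquality "$sample" || echo "findings: $?"
rm -f "$sample"
```

On a real host, point audit_pwquality at /etc/security/pwquality.conf and override REQ_MINLEN and REQ_MINCLASS to match your own password policy.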