Specifies how passwords must be defined and employed for all user accounts on a system. It specifically addresses the issues of password aging, password uniqueness, and locking a user account because of invalid logon attempts. CFR 21 Part 11 mandates technical controls in these areas specifically.