Information
The PASSWORD_GRACE_TIME setting determines how many days can pass after the user's password expires before the user's login capability is automatically locked out. The suggested value for this is five days or less.
Rationale:
Locking the user account after the expiration of the password change requirement's grace period can help prevent password-based attacks against any forgotten or disused accounts, while still allowing the account and its information to be accessible by DBA intervention.
Solution
Remediate this setting by executing the following SQL statement for each PROFILE returned by the audit procedure.
ALTER PROFILE <profile_name> LIMIT PASSWORD_GRACE_TIME 5;