5.4.1.5 Ensure all users last password change date is in the past
Information
All users should have a password change date in the past. If a users recorded password change date is in the future then they could bypass any set password expiration.
Solution
Investigate any users with a password change date in the future and correct them. Locking the account, expiring the password, or resetting the password manually may be appropriate.