This is to inform you that we need following Password Polices in Application, as per our ITGC audit recommendation.
User Account should lock on unsuccessful login attempts. No. of attempts should be configurable.
To UNLOCK the account should be part of Admin rights.
In Password Policy we required not allowing last 3 used passwords.
Account lockout time 15 minutes in idle condition.