There are articles and tweets circulating that say "Don't change passwords periodically" and that "prohibiting periodic password changes" is a new thing, so I'd like to point out that NIST SP2-2017 issued in June 6...
Further display NIST SP800-63B-4 2pd password standards have been followed since 2017 - the new requirement is phishing resistance