8.5.10 For a sample of system components, critical servers, and wireless access points, obtain and inspect system configuration settings to verify that password parameters are set to require passwords to be at least seven characters long
For Service Providers only, review internal processes and customer/user documentation to verify that customer passwords are required to meet minimum length requirements