hi How can we set these policies 1) Cyclical use of password restricted:** Privileged users (administrative ids like root, administrator, system, oracle etc) must never use the same password twice, i.e. their password must be unique every time. Other users must not repeat any of the previous 5 passwords. Wherever possible, the system must enforce such restrictions otherwise it is the user's responsibility to follow this procedure. 2) Storage of Critical Passwords** Critical passwords (passwords for privileged Ids, generic Ids etc.) must be stored through Critical Password Control Documents. Such passwords shall be recorded in specified forms and stored in two sets of envelopes (on-site and off-site). Records shall be maintained of custody, changes in these passwords and movement of the envelopes.) 3) Secure Conveyance of Passwords** Passwords should be conveyed to users in a secure manner. Passwords must never be disclosed via telephone or through third parties or through unprotected (clear text) electronic mails. If sent by mail or similar physical distribution systems, the mailings must have no markings indicating the nature of the enclosure