FHFA’s Chief Information Officer should ensure that upon initial login, FHFA users establish a new password that meets FHFA requirements for length and complexity and that the password is not a commonly used or a known compromised password.