The objective that is most appropriate to measure the effectiveness of password policy is newly

created account credentials satisfy requirements. This is because password policy is a set of rules and

guidelines that define the characteristics and usage of passwords in a system or network. Password

policy aims to enhance the security and confidentiality of the system or network by preventing

unauthorized access, data breaches, and identity theft. Therefore, the best way to evaluate the

effectiveness of password policy is to check whether the newly created account credentials meet the

requirements of the policy, such as length, complexity, expiration, and history. This objective can be

measured by conducting periodic audits, reviews, or tests of the account creation process and

verifying that the passwords comply with the policy standards. This is part of the Cloud Control

Matrix (CCM) domain IAM-02: User ID Credentials, which states that "The organization should have a

policy and procedures to manage user ID credentials for cloud services and data."1 Reference :=

CCAK Study Guide, Chapter 4: A Threat Analysis Methodology for Cloud Using CCM, page 76