Write a professional memo to your management indicating why you believe the business needs to have a password policy. Define what the policy should be with respect to the password and justify why you believe the policy should be that. What are you protecting the business from and how does your recommendation do that?

Your memo should open with specific, compelling reasons why the organization should implement your policy recommendations. What benefits will be gained? What problems will be solved or alleviated? End with a strong conclusion.  Speak in a language that a manager understands, and make sure you appeal to management priorities.
Recommendations should be reasonably specific and justified; tell the reader, in top-level terms what actions to take and why (i.e. “Enable the jatzenframing module on all Linux servers. This will prevent kibabble data leakage through covert channels”).  Your recommendations should stick to policies, and not the series of mouse-clicks to turn those policies on or off.

This assignment does not require the use of references. If you choose to use them, understand that I will critically evaluate your choices. If the only justification you provide for a policy is essentially “this is what the vendor recommends”, understand that is not a good reflection of critical thinking in an academic or a professional environment.