I know of no requirement, and agree that while it is a good practice, it is not practical.
I recommend urging customers to do this, but not to make it a requirement. It is difficult enough to remember all the passwords we have to now. By adding a revolving requirement we increase the likelihood that the user will put the password on a post-it note and stick it on the monitor or under the mouse pad.
Your password requirement should be somewhat difficult, not the users name, not a common word, etc. With this and the customer having a choice, security should be fine.
------------------
Andy Zavoina
Opinions stated are not necessarily that of my employer.