diff --git a/doc/metadata/rhel7/RHEL-07-010230.rst b/doc/metadata/rhel7/RHEL-07-010230.rst
index 6c8209f3..9dc442a5 100644
--- a/doc/metadata/rhel7/RHEL-07-010230.rst
+++ b/doc/metadata/rhel7/RHEL-07-010230.rst
@@ -1,7 +1,9 @@
 ---
 id: RHEL-07-010230
-status: not implemented
-tag: misc
+status: implemented
+tag: auth
 ---
 
-This STIG requirement is not yet implemented.
+If any users have a maximum password age on their current password set to a
+length of over 60 days, a list of those users is provided in the Ansible
+output.
diff --git a/library/get_users b/library/get_users
index bb6ceeaa..72675898 100755
--- a/library/get_users
+++ b/library/get_users
@@ -16,6 +16,7 @@
 
 import grp
 import pwd
+import spwd
 
 from ansible.module_utils.basic import AnsibleModule
 
@@ -53,7 +54,8 @@ def make_user_dict(user_record):
         'gecos': user_record.pw_gecos,
         'dir': user_record.pw_dir,
         'shell': user_record.pw_shell,
-        'group': make_group_dict(user_record.pw_gid)
+        'group': make_group_dict(user_record.pw_gid),
+        'shadow': make_shadow_dict(user_record.pw_name)
     }
     return user_dict
 
@@ -73,6 +75,24 @@ def make_group_dict(gid):
     return group_dict
 
 
+def make_shadow_dict(username):
+    """Create a dictionary of user shadow password database attributes."""
+    try:
+        shadow_record = spwd.getspnam(username)
+    except KeyError:
+        return False
+
+    shadow_dict = {
+        'last_changed': shadow_record.sp_lstchg,
+        'min_days': shadow_record.sp_min,
+        'max_days': shadow_record.sp_max,
+        'warn_days': shadow_record.sp_warn,
+        'inact_days': shadow_record.sp_inact,
+        'expire_days': shadow_record.sp_expire,
+    }
+    return shadow_dict
+
+
 def main():
     """Ansible calls this function."""
     module = AnsibleModule(
diff --git a/tasks/rhel7stig/auth.yml b/tasks/rhel7stig/auth.yml
index ee221ef5..4f29f480 100644
--- a/tasks/rhel7stig/auth.yml
+++ b/tasks/rhel7stig/auth.yml
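Review bot: `make_shadow_dict` returns `False` when `spwd.getspnam` raises `KeyError`, but the consumer added in tasks/rhel7stig/auth.yml indexes `user['shadow']['max_days']` unconditionally, so a single account without a shadow entry turns the whole report into a template error; on Python 2 an unprivileged `getspnam` also surfaces as `KeyError`, so a non-root run makes every entry `False`. Returning a dict with `None` values, or `{}`, keeps the value shape stable for callers, and the sentinel should be stated in the docstring either way: `Returns False when the user has no readable shadow entry.` On Python 3.6 and later the unprivileged case raises `PermissionError`, which this `except` does not catch, and the `spwd` module is deprecated from 3.11 and removed in 3.13, so the lookup should be wrapped in a helper that tolerates both. A comment that the hash field is intentionally left out would help the next maintainer, e.g. `# sp_pwd (the password hash) is deliberately not exported to Ansible.`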
@@ -142,6 +142,21 @@
     - medium
     - RHEL-07-010240
 
+- name: RHEL-07-010230 - Existing passwords must be restricted to a 60-day maximum lifetime.
+  debug:
+    msg: |
+      The following user accounts have an existing password with a lifetime of
+      greater than 60 days:
+      {%- for user in user_list.users %}
+      {% if user['shadow']['max_days'] > 60 %}
+      {{ user['name'] }} has an expiration of {{ user['shadow']['max_days'] }} days
+      {% endif %}
+      {% endfor %}
+  tags:
+    - auth
+    - medium
+    - RHEL-07-010230
+
 - name: RHEL-07-010260 - The system must not have accounts configured with blank or null passwords
   lineinfile:
     dest: "{{ pam_auth_file }}"
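Review bot: The `{% if user['shadow']['max_days'] > 60 %}` test misses the case the STIG most wants surfaced: an empty maximum-age field in /etc/shadow, which `spwd` reports as `-1` and which means the password never expires, so the condition should read `{% if user['shadow']['max_days'] > 60 or user['shadow']['max_days'] < 0 %}`. The task also prints the header line even when no account matches, which makes the output look like a finding on every run; a `when:` guard built from the same filter, or a `{% else %}` branch stating that no accounts matched, would make the result unambiguous. Note that this task only reports and never fails or changes anything, so a reviewer scanning the play for enforcement should not take it for a remediation. The dependence on `user['shadow']` being a dict is covered by the note on library/get_users.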