30 days is a little aggressive, but I do think quarterly or every 6 months is valid. Not all users behave appropriately with their passwords: allowing other people to use them, re-using them between systems, or putting them on post-it notes under their keyboards. The rotation of the credential is simply a cheap but heavy-handed way of dealing with those compromises, to ensure the system returns over time to a default state of security and cuts out invalid access. Granted, a better way to manage this is to create good audit trails of how often, during what times, and from where and what devices those credentials are used, but like I said, it's a simple/cheap way of adding that layer of security.