Hi David,
There are no special requirements to configure the security questions and password rest feature.
When you modify the Forgotten Password Reset task, you can set how many questions are required to have answers on any user profile, and how many of them will be required to be answered correctly in order to allow password change.
Then, each user will need to set their security questions.
Here's some more info from our guide:
Configure the Forgotten Password Reset, Forgotten User ID, and One-Time Password Tasks - CA Identity Manager - 14.1 - CA…
Thanks,
Einav
(Note: if this answers your question please mark this thread as Answered. If it was helpful, please mark it Helpful -- thanks!)