
IAM Account Does Not Have A Secure Password Policy

Overview

IAM password policies are crucial for ensuring strong password security and preventing unauthorized access to accounts. It is highly recommended to implement a robust password policy that enforces complex password requirements.

This check covers every aspect of a secure password policy as defined by AWS guidelines. It also covers the individual password policy requirements from the CIS controls, which are additionally available as separate checks. If desired, those CIS-specific checks can be exempted as long as this overall password policy check remains enabled.

The following password policy requirements are covered by this check:

  • Minimum password length of at least 14 characters
  • Require symbols
  • Require numbers
  • Require uppercase characters
  • Require lowercase characters
  • Password reuse prevention - set to 24 previously used passwords
  • Max password age of 90 days or less
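
The requirements above can be evaluated offline against the `PasswordPolicy` object returned by `aws iam get-account-password-policy`. The following is an added example, not this check's own implementation; the function name and both sample policies are constructed for illustration.

```python
# Added example: evaluate an IAM account password policy (the "PasswordPolicy"
# object from `aws iam get-account-password-policy`) against the seven
# requirements listed above. Both sample policies below are constructed.

def password_policy_findings(policy):
    """Return the list of failed requirements; an empty list means compliant.

    Pass None when the account has no custom policy (the API answers
    NoSuchEntity in that case), which fails the check outright.
    """
    if not policy:
        return ["no account password policy is set"]

    findings = []
    if policy.get("MinimumPasswordLength", 0) < 14:
        findings.append("minimum password length is below 14")

    for key, label in (
        ("RequireSymbols", "symbols"),
        ("RequireNumbers", "numbers"),
        ("RequireUppercaseCharacters", "uppercase characters"),
        ("RequireLowercaseCharacters", "lowercase characters"),
    ):
        if policy.get(key) is not True:
            findings.append(f"{label} are not required")

    # AWS accepts 1-24 here; the field is absent when reuse prevention is off.
    if policy.get("PasswordReusePrevention", 0) < 24:
        findings.append("password reuse prevention is below 24")

    # An absent or zero MaxPasswordAge means passwords never expire.
    if not 1 <= policy.get("MaxPasswordAge", 0) <= 90:
        findings.append("max password age is unset or above 90 days")
    return findings


# Constructed sample: satisfies every requirement.
COMPLIANT = {
    "MinimumPasswordLength": 14, "RequireSymbols": True, "RequireNumbers": True,
    "RequireUppercaseCharacters": True, "RequireLowercaseCharacters": True,
    "ExpirePasswords": True, "MaxPasswordAge": 90, "PasswordReusePrevention": 24,
}
# Constructed sample: short passwords, no symbols, no expiry, no reuse prevention.
WEAK = {
    "MinimumPasswordLength": 8, "RequireSymbols": False, "RequireNumbers": True,
    "RequireUppercaseCharacters": True, "RequireLowercaseCharacters": True,
    "ExpirePasswords": False,
}

if __name__ == "__main__":
    for name, sample in (("COMPLIANT", COMPLIANT), ("WEAK", WEAK), ("unset", None)):
        print(name, password_policy_findings(sample) or "OK")
```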

Vendor

AWS

Cloud Service

IAM

IAM.7

References

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html#default-policy-details

Severity

3

Item Types

Custom::AWS::IAM::Account