
IAM Password Policy Does Not Prevent Reuse

Overview

IAM password policies can prevent the reuse of a given password by the same user. It is recommended that the password policy prevent the reuse of passwords. Preventing password reuse increases account resiliency against brute-force login attempts. As with all password standards, this should not be considered a substitute for also implementing MFA.
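One way to evaluate this setting, as an added example that is not part of the original page or of any scanner's own code: the function below inspects the `PasswordPolicy` object that IAM `GetAccountPasswordPolicy` returns. The threshold of 24 remembered passwords, the function names and the sample accounts are assumptions made for the illustration.

```python
from typing import Optional

# Assumption: require 24 remembered passwords, the maximum IAM accepts.
REQUIRED_REUSE_PREVENTION = 24


def check_password_reuse(policy: Optional[dict],
                         required: int = REQUIRED_REUSE_PREVENTION) -> dict:
    """Evaluate one account's password policy for reuse prevention.

    `policy` is the "PasswordPolicy" object from GetAccountPasswordPolicy,
    or None when the account has no custom policy (the API then answers
    with a NoSuchEntity error instead of a policy).
    """
    if policy is None:
        return {"compliant": False, "remembered": 0,
                "reason": "no account password policy is set"}
    # IAM omits the key entirely when reuse prevention is not configured.
    remembered = policy.get("PasswordReusePrevention")
    if remembered is None:
        return {"compliant": False, "remembered": 0,
                "reason": "policy does not set PasswordReusePrevention"}
    if remembered < required:
        return {"compliant": False, "remembered": remembered,
                "reason": f"remembers {remembered} passwords, {required} required"}
    return {"compliant": True, "remembered": remembered, "reason": "ok"}


def non_compliant_accounts(policies: dict) -> list:
    """Return the sorted account ids whose policy fails the check."""
    return sorted(acct for acct, pol in policies.items()
                  if not check_password_reuse(pol)["compliant"])


# Constructed sample data: account ids and policies are made up.
SAMPLE_POLICIES = {
    "111111111111": None,                                    # no policy at all
    "222222222222": {"MinimumPasswordLength": 14},           # key absent
    "333333333333": {"MinimumPasswordLength": 14,
                     "PasswordReusePrevention": 5},          # too few remembered
    "444444444444": {"MinimumPasswordLength": 14,
                     "PasswordReusePrevention": 24},         # passes
}

if __name__ == "__main__":
    for account_id, account_policy in SAMPLE_POLICIES.items():
        print(account_id, check_password_reuse(account_policy))
```

To run it against a live account, pass in the `PasswordPolicy` value from the API response and pass `None` when the call fails with NoSuchEntity.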

Vendor

AWS

Cloud Service

IAM

CIS AWS v1.5.0 1.9, IAM.16

References

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html#default-policy-details

Severity

3

Item Types

Custom::AWS::IAM::Account