IAM.10
Password policies for IAM users should have strong configurations
Severity: MEDIUM
Cloud Platforms: AWS
Resources: AWS Identity and Access Management
Related Standards: CIS v8, PCI DSS v3.2.1, SOC2, NIST CSF
Automated: YES
This AWS control checks whether the account password policy for IAM users uses the following minimum PCI DSS configurations:

RequireUppercaseCharacters: Require at least one uppercase character in password. (Default = true)
RequireLowercaseCharacters: Require at least one lowercase character in password. (Default = true)
RequireNumbers: Require at least one number in password. (Default = true)
MinimumPasswordLength: Password minimum length. (Default = 7 or longer)
PasswordReusePrevention: Number of passwords before allowing reuse. (Default = 4)
MaxPasswordAge: Number of days before password expiration. (Default = 90)
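
The check described above can be expressed as a function over the PasswordPolicy object that IAM GetAccountPasswordPolicy returns. This is an added example, not the control's own implementation; it assumes the listed values are minimum strengths (length and reuse prevention at least the value, maximum age at most the value), and the sample policies are constructed.

```python
# Added example. Field names are those of the IAM PasswordPolicy object;
# the thresholds come from the control text, their direction is an assumption.
BOOLEAN_FLAGS = (
    "RequireUppercaseCharacters",
    "RequireLowercaseCharacters",
    "RequireNumbers",
)
MIN_LENGTH = 7            # MinimumPasswordLength: 7 or longer
MIN_REUSE_PREVENTION = 4  # PasswordReusePrevention: assumed "at least 4"
MAX_AGE_DAYS = 90         # MaxPasswordAge: assumed "at most 90 days"


def evaluate_password_policy(policy):
    """Return a list of findings; an empty list means the policy passes."""
    if policy is None:
        # Caller passes None when the account has no password policy at all.
        return ["no account password policy is configured"]
    findings = []
    for flag in BOOLEAN_FLAGS:
        if policy.get(flag) is not True:
            findings.append(f"{flag} is not enabled")
    length = policy.get("MinimumPasswordLength", 0)
    if length < MIN_LENGTH:
        findings.append(f"MinimumPasswordLength is {length}, expected >= {MIN_LENGTH}")
    # A missing PasswordReusePrevention is treated as "reuse not restricted".
    reuse = policy.get("PasswordReusePrevention")
    if reuse is None or reuse < MIN_REUSE_PREVENTION:
        findings.append(f"PasswordReusePrevention is {reuse}, expected >= {MIN_REUSE_PREVENTION}")
    # A missing or zero MaxPasswordAge is treated as "passwords never expire".
    age = policy.get("MaxPasswordAge")
    if not age or age > MAX_AGE_DAYS:
        findings.append(f"MaxPasswordAge is {age}, expected 1..{MAX_AGE_DAYS}")
    return findings


# Constructed sample policies, shaped like the API's PasswordPolicy object.
COMPLIANT = {
    "RequireUppercaseCharacters": True, "RequireLowercaseCharacters": True,
    "RequireNumbers": True, "MinimumPasswordLength": 14,
    "PasswordReusePrevention": 24, "MaxPasswordAge": 90,
}
WEAK = {
    "RequireUppercaseCharacters": True, "RequireLowercaseCharacters": True,
    "RequireNumbers": False, "MinimumPasswordLength": 6, "MaxPasswordAge": 0,
}

if __name__ == "__main__":
    for name, pol in (("compliant", COMPLIANT), ("weak", WEAK), ("none", None)):
        print(name, evaluate_password_policy(pol) or "PASS")
```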