
IAM.10

Password policies for IAM users should have strong configurations

Severity: MEDIUM
Cloud Platforms: AWS
Resources: AWS Identity and Access Management
Related Standards: CIS v8, PCI DSS v3.2.1, SOC2, NIST CSF
Automated: YES

This AWS control checks whether the account password policy for IAM users uses the following minimum PCI DSS configurations:

RequireUppercaseCharacters: Require at least one uppercase character in password. (Default = true)
RequireLowercaseCharacters: Require at least one lowercase character in password. (Default = true)
RequireNumbers: Require at least one number in password. (Default = true)
MinimumPasswordLength: Password minimum length. (Default = 7 or longer)
PasswordReusePrevention: Number of passwords before allowing reuse. (Default = 4)
MaxPasswordAge: Number of days before password expiration. (Default = 90)
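The check described above, written as an added example (not AWS's or this control's own code) that evaluates a password policy dictionary in the shape returned by the IAM GetAccountPasswordPolicy API. The function name, the sample policies and the comparison directions for PasswordReusePrevention (at least 4) and MaxPasswordAge (at most 90 days) are assumptions; the page lists only the values.

```python
# Added example: offline evaluation of an IAM account password policy
# against the IAM.10 values listed on this page.

REQUIRED_FLAGS = (
    "RequireUppercaseCharacters",
    "RequireLowercaseCharacters",
    "RequireNumbers",
)
MIN_LENGTH = 7            # page: "7 or longer"
MIN_REUSE_PREVENTION = 4  # page value; "at least" is an assumption
MAX_PASSWORD_AGE = 90     # page value; "at most" is an assumption


def evaluate_iam10(policy):
    """Return a list of findings; an empty list means the policy passes.

    `policy` is the PasswordPolicy dict from GetAccountPasswordPolicy, or
    None when the account has no policy (the API returns NoSuchEntity).
    """
    if policy is None:
        return ["no account password policy is set"]
    findings = []
    for flag in REQUIRED_FLAGS:
        if policy.get(flag) is not True:
            findings.append(f"{flag} is not enabled")
    length = policy.get("MinimumPasswordLength", 0)
    if length < MIN_LENGTH:
        findings.append(f"MinimumPasswordLength is {length}, below {MIN_LENGTH}")
    # The key is absent from the API response when reuse prevention is off.
    reuse = policy.get("PasswordReusePrevention")
    if reuse is None or reuse < MIN_REUSE_PREVENTION:
        findings.append(f"PasswordReusePrevention is {reuse}, below {MIN_REUSE_PREVENTION}")
    # Absent or 0 means passwords never expire.
    age = policy.get("MaxPasswordAge")
    if not age or age > MAX_PASSWORD_AGE:
        findings.append(f"MaxPasswordAge is {age}, not within {MAX_PASSWORD_AGE} days")
    return findings


# Constructed sample policies (not taken from any real account).
COMPLIANT_POLICY = {
    "MinimumPasswordLength": 14, "RequireUppercaseCharacters": True,
    "RequireLowercaseCharacters": True, "RequireNumbers": True,
    "PasswordReusePrevention": 24, "MaxPasswordAge": 90, "ExpirePasswords": True,
}
WEAK_POLICY = {
    "MinimumPasswordLength": 6, "RequireUppercaseCharacters": False,
    "RequireLowercaseCharacters": True, "RequireNumbers": True,
    "ExpirePasswords": False,
}
```

With boto3, the input dictionary is the "PasswordPolicy" value of the response from the IAM client's get_account_password_policy call.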
