top of page

IAM.15

Ensure IAM password policy requires minimum password length of 14 or greater

Severity

Cloud Platforms

Resources

Related Standards

Automated

MEDIUM

AWS

AWS Identity and Access Management

AWS CIS Foundations v1.2 & v1.4, AWS Well-Architected, CDR, ISO27001, SOC2, NIST CSF,

YES

Password policies are, in part, used to enforce password complexity requirements. IAM password policies can be used to ensure passwords are at least a given length. It is recommended that the password policy require a minimum password length 14.

bottom of page