Ensure IAM Password Policy Minimum Length is 14 or Greater Rule

This rule ensures the IAM password policy requires a minimum length of 14 characters or greater.

Rule: Ensure IAM password policy requires minimum length of 14 or greater
Framework: cis_v150
Severity: Medium

IAM Password Policy - Minimum Length Requirement (cis_v150)

Rule Description:

This rule enforces the use of a strong password policy for IAM users in AWS. Specifically, it mandates that the minimum password length for IAM users should be 14 characters or greater.

Potential Impact:

A strong password policy with a minimum length requirement helps enhance the security of IAM users. By setting a minimum length, it ensures that users create passwords that are more resistant to brute-force attacks and password cracking techniques. This reduces the risk of unauthorized access to AWS resources.

Troubleshooting Steps:

If this policy is not enforced or fails to comply with the minimum length requirement, you can follow these troubleshooting steps:

  1. Ensure that you have sufficient privileges: Verify that you have the necessary permissions to modify IAM password policies. You should have IAM Administrator-level access or relevant IAM permissions to make changes.

  2. Check the current password policy: Use the AWS Command Line Interface (CLI) or AWS Management Console to retrieve the current password policy settings:

     aws iam get-account-password-policy

     Check if the minimum password length is set to 14 or greater.

  3. Modify the password policy: If the current policy does not comply with the minimum length requirement, you need to modify it. Update the password policy by running the following command:

     aws iam update-account-password-policy --minimum-password-length 14

  4. Verify the changes: To confirm if the password policy has been updated successfully, retrieve the password policy settings again and check for the new minimum password length:

     aws iam get-account-password-policy
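
The check and the update from the steps above, as an added Python example (not code from this page or from AWS): it evaluates the JSON printed by `aws iam get-account-password-policy` against the 14-character threshold and builds an update command that restates every setting already in force, because `update-account-password-policy` does not support partial updates and any parameter left out reverts to its default. The function names and the sample JSON are constructed for illustration; pass `None` when the CLI reports `NoSuchEntity` (no custom policy set).

```python
import json

MIN_LENGTH = 14  # threshold from the rule on this page

# get-account-password-policy fields -> update-account-password-policy flags
BOOL_FLAGS = {
    "RequireSymbols": "require-symbols",
    "RequireNumbers": "require-numbers",
    "RequireUppercaseCharacters": "require-uppercase-characters",
    "RequireLowercaseCharacters": "require-lowercase-characters",
    "AllowUsersToChangePassword": "allow-users-to-change-password",
    "HardExpiry": "hard-expiry",
}
INT_FLAGS = {
    "MaxPasswordAge": "max-password-age",
    "PasswordReusePrevention": "password-reuse-prevention",
}

def is_compliant(cli_json):
    """True when the retrieved policy has MinimumPasswordLength >= 14.
    cli_json is the CLI's JSON output, or None if no policy exists."""
    if not cli_json:
        return False
    policy = json.loads(cli_json).get("PasswordPolicy", {})
    return policy.get("MinimumPasswordLength", 0) >= MIN_LENGTH

def remediation_command(cli_json):
    """Build an update command that raises the length and restates every
    other setting currently in force, so none of them is reset."""
    policy = json.loads(cli_json).get("PasswordPolicy", {}) if cli_json else {}
    length = max(policy.get("MinimumPasswordLength", 0), MIN_LENGTH)
    args = ["aws", "iam", "update-account-password-policy",
            "--minimum-password-length", str(length)]
    for field, flag in BOOL_FLAGS.items():
        if field in policy:  # booleans are passed as --flag / --no-flag
            args.append(("--" if policy[field] else "--no-") + flag)
    for field, flag in INT_FLAGS.items():
        if policy.get(field):  # absent or 0 means the setting is not in use
            args += ["--" + flag, str(policy[field])]
    return args

# Constructed sample output, not taken from a real account.
SAMPLE = json.dumps({"PasswordPolicy": {
    "MinimumPasswordLength": 8, "RequireSymbols": True, "RequireNumbers": True,
    "RequireUppercaseCharacters": False, "RequireLowercaseCharacters": True,
    "AllowUsersToChangePassword": True, "ExpirePasswords": True,
    "MaxPasswordAge": 90, "PasswordReusePrevention": 24, "HardExpiry": False}})

if __name__ == "__main__":
    print(is_compliant(SAMPLE), " ".join(remediation_command(SAMPLE)))
```

`ExpirePasswords` is deliberately not mapped: it is reported by the get call but is not a parameter of the update call.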

Remediation:

To remediate the non-compliant password policy, follow the step-by-step guide below:

  1. Open the AWS Management Console and sign in to your AWS account with the necessary privileges.

  2. Navigate to the IAM service.

  3. In the left sidebar, click on "Account settings" or "Account settings (here)".

  4. Scroll down to the "Password policy" section and click on the "Edit" button next to it.

  5. Set the "Minimum password length" to 14 or greater.

  6. Optionally, adjust other password policy settings according to your requirements (e.g., requiring uppercase letters, lowercase letters, numbers, special characters).

  7. Click on the "Apply password policy" button to save the changes.

  8. Verify the changes by retrieving the password policy settings again:

     aws iam get-account-password-policy

     Ensure that the minimum password length reflects the new value.

By following these steps, you can remediate the non-compliant password policy by setting the minimum length to 14 or greater for IAM users.

Note: It is recommended to educate IAM users about creating strong and unique passwords and enabling multi-factor authentication for added security.
