This rule enforces strong password configurations for IAM users.
| Attribute | Value |
| --- | --- |
| Rule | Password policies for IAM users should have strong configurations |
| Framework | CISA-cyber-essentials |
| Severity | Critical |
Strong Password Policies for IAM Users based on CISA's Cyber Essentials
Implementing strong password policies for Identity and Access Management (IAM) users is critical to securing access to an organization's resources. CISA's Cyber Essentials provides guidelines for cybersecurity best practices; in the context of IAM, it recommends enforcing robust password policies.
Detailed Description of Strong Password Policy Rule
A strong password policy should enhance the security of the user accounts within your IAM system. This typically includes:
Troubleshooting Steps
If the policy is not working as expected, follow these steps:
Necessary Codes
Here's an example of implementing a password policy using AWS CLI for IAM users:
```bash
aws iam update-account-password-policy \
  --minimum-password-length 12 \
  --require-symbols \
  --require-numbers \
  --require-uppercase-characters \
  --require-lowercase-characters \
  --allow-users-to-change-password \
  --max-password-age 90 \
  --password-reuse-prevention 24 \
  --hard-expiry
```
This command updates the account-level password policy, applying the minimum length, character-class, expiry and reuse restrictions listed above, in line with the CISA guidelines.
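To verify that an account actually meets the configuration set above, the following added example (not part of this page or of any vendor tool) evaluates the `PasswordPolicy` object returned by `aws iam get-account-password-policy` against the same thresholds, and treats a missing policy (the API's `NoSuchEntity` error, meaning only the AWS default applies) as a finding. The sample policy objects are constructed, not captured from a real account.

```python
import json

# Thresholds copied from the update-account-password-policy command above.
MIN_LENGTH, MAX_AGE_DAYS, REUSE_HISTORY = 12, 90, 24
REQUIRED_FLAGS = (
    "RequireSymbols", "RequireNumbers", "RequireUppercaseCharacters",
    "RequireLowercaseCharacters", "AllowUsersToChangePassword", "HardExpiry",
)


def evaluate_password_policy(policy):
    """Return a list of findings; an empty list means the policy is strong.

    `policy` is the PasswordPolicy object from get-account-password-policy,
    or None when that call failed with NoSuchEntity (no custom policy set).
    """
    if policy is None:
        return ["no custom password policy set (AWS default applies)"]
    findings = []
    if policy.get("MinimumPasswordLength", 0) < MIN_LENGTH:
        findings.append(f"MinimumPasswordLength below {MIN_LENGTH}")
    for flag in REQUIRED_FLAGS:
        if not policy.get(flag, False):
            findings.append(f"{flag} not enabled")
    # MaxPasswordAge is absent from the response when expiration is off.
    age = policy.get("MaxPasswordAge")
    if not policy.get("ExpirePasswords") or age is None or age > MAX_AGE_DAYS:
        findings.append(f"passwords do not expire within {MAX_AGE_DAYS} days")
    if policy.get("PasswordReusePrevention", 0) < REUSE_HISTORY:
        findings.append(f"PasswordReusePrevention below {REUSE_HISTORY}")
    return findings


def evaluate_cli_output(raw_json):
    """Evaluate the raw JSON printed by `aws iam get-account-password-policy`."""
    return evaluate_password_policy(json.loads(raw_json).get("PasswordPolicy"))


# Constructed sample responses (not captured from a real account).
WEAK_POLICY = {"MinimumPasswordLength": 8, "RequireSymbols": False,
               "RequireNumbers": True, "RequireUppercaseCharacters": True,
               "RequireLowercaseCharacters": True, "AllowUsersToChangePassword": True,
               "ExpirePasswords": False, "HardExpiry": False}
STRONG_POLICY = {"MinimumPasswordLength": 14, "RequireSymbols": True,
                 "RequireNumbers": True, "RequireUppercaseCharacters": True,
                 "RequireLowercaseCharacters": True, "AllowUsersToChangePassword": True,
                 "ExpirePasswords": True, "MaxPasswordAge": 90,
                 "PasswordReusePrevention": 24, "HardExpiry": True}
```

Run `aws iam get-account-password-policy` and pass its output to `evaluate_cli_output` to audit a real account; a non-empty list is the remediation to-do list.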
Step by Step Guide for Remediation
To enforce a strong password policy in your IAM system, perform the following steps: