Ensure IAM Password Policy Requires a Minimum Length of 14 or Greater

This rule ensures that IAM password policy enforces a minimum length of 14 characters or more.

Rule: Ensure IAM password policy requires a minimum length of 14 or greater
Framework: FedRAMP Moderate Revision 4
Severity: Critical

IAM Password Policy - Minimum Length Requirement for FedRAMP Moderate Revision 4

Description:

This IAM (Identity and Access Management) password policy rule enforces a minimum password length of 14 characters or greater. The objective is to enhance the security posture of the AWS (Amazon Web Services) account by setting strong password standards. The rule aligns with the security requirements mandated by the FedRAMP (Federal Risk and Authorization Management Program) Moderate framework, specifically Revision 4.

Troubleshooting Steps (if applicable):

  1. Verify if the IAM password policy is properly configured.
  2. Ensure the policy allows for a minimum password length of 14 characters.
  3. Verify if the requirement for the minimum password length has been correctly applied to all IAM users within the AWS account.
  4. Check if any existing IAM users have passwords that are below the required minimum length.
  5. Identify any error messages or inconsistencies in the IAM password policy configuration.

Necessary Code (if applicable):

No specific code is necessary since this rule is based on the configuration of the IAM password policy in the AWS Management Console.

Step-by-step Guide for Remediation:

Note: To follow this guide, you must have appropriate permissions to manage IAM password policies within your AWS account.

  1. Open the AWS Management Console.
  2. Navigate to the IAM service.
  3. Choose "Account settings" in the left sidebar menu.
  4. Scroll down to the "Account Password Policy" section.
  5. Verify if the "Minimum password length" value is set to 14 or greater.
  6. If the value is less than 14, click on the "Edit" button next to "Minimum password length".
  7. In the editable field, input the value "14".
  8. Save the changes by clicking on the "Apply password policy" button.
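
The console steps above can also be scripted. The following is an added example, not code from the original page: it uses boto3's `get_account_password_policy` and `update_account_password_policy`, and carries over the existing settings because the update call does not support partial updates. The function names and `SAMPLE_POLICY` are constructed for illustration.

```python
"""Audit and remediate the IAM account password policy minimum length (added example)."""

REQUIRED_MIN_LENGTH = 14
# Parameters accepted by UpdateAccountPasswordPolicy. ExpirePasswords appears
# in the Get response but is not an update parameter, so it is excluded.
UPDATE_KEYS = (
    "MinimumPasswordLength", "RequireSymbols", "RequireNumbers",
    "RequireUppercaseCharacters", "RequireLowercaseCharacters",
    "AllowUsersToChangePassword", "MaxPasswordAge",
    "PasswordReusePrevention", "HardExpiry",
)


def is_compliant(policy):
    """True if a PasswordPolicy dict (or None when no policy exists) requires >= 14."""
    return bool(policy) and policy.get("MinimumPasswordLength", 0) >= REQUIRED_MIN_LENGTH


def build_update(policy):
    """Return kwargs for update_account_password_policy.

    The update call replaces the whole policy: any parameter left out reverts
    to its default, so every existing setting is carried over unchanged.
    """
    current = policy or {}
    kwargs = {k: current[k] for k in UPDATE_KEYS if k in current}
    kwargs["MinimumPasswordLength"] = max(
        current.get("MinimumPasswordLength", 0), REQUIRED_MIN_LENGTH)
    return kwargs


def remediate(iam=None):
    """Fetch the live policy and raise the minimum length if needed."""
    if iam is None:
        import boto3  # imported here so the pure functions work offline
        iam = boto3.client("iam")
    try:
        policy = iam.get_account_password_policy()["PasswordPolicy"]
    except iam.exceptions.NoSuchEntityException:
        policy = None  # account has no custom password policy yet
    if is_compliant(policy):
        return False  # nothing to change
    iam.update_account_password_policy(**build_update(policy))
    return True


# Constructed sample of a non-compliant policy, shaped like the Get response.
SAMPLE_POLICY = {"MinimumPasswordLength": 8, "RequireSymbols": True,
                 "RequireNumbers": True, "ExpirePasswords": True,
                 "MaxPasswordAge": 90, "PasswordReusePrevention": 24}
```

Calling `remediate()` against a live account requires boto3 and credentials allowed to call `iam:GetAccountPasswordPolicy` and `iam:UpdateAccountPasswordPolicy`.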

Verification:

To verify the successful implementation of the IAM password policy minimum length requirement, follow these steps:

  1. Attempt to change the password of an IAM user within the AWS account.
  2. Choose a password that does not meet the minimum length requirement (less than 14 characters).
  3. If the implementation is successful, the system should display an error indicating that the password does not meet the minimum length requirement.
  4. Try changing the password to meet the minimum length requirement (14 characters or greater).
  5. If the password change is successful without any errors, the IAM password policy is correctly configured.

Conclusion:

By implementing this IAM password policy rule, you ensure that all IAM users in your AWS account adhere to the requirement of having passwords with a minimum length of 14 characters or greater. This strengthens the security posture of your AWS resources, aligning with the FedRAMP Moderate Revision 4 requirements.
