Ensure strong configurations are in place for IAM user passwords.
Rule | Password policies for IAM users should have strong configurations |
Framework | GxP 21 CFR Part 11 |
Severity | Critical |
Password Policies for IAM Users with Strong Configurations for GxP 21 CFR Part 11
Description:
21 CFR Part 11 (§11.300) requires controls over the identification codes and passwords used to sign or access electronic records, including that password issuances are periodically checked, recalled or revised, for example through password aging. In AWS this is implemented with the account-level IAM password policy, which sets the minimum length, required character classes, reuse prevention and expiry for every IAM user's console password. A weak or absent policy lets an attacker who guesses, phishes or replays a password sign in to the systems that hold GxP records, so the policy must be set deliberately and kept under change control.
Troubleshooting Steps:
The IAM password policy is set once per account and is enforced only when a password is created or changed; it does not retroactively invalidate passwords that were set under an older, weaker policy, and administrators cannot read user passwords to inspect them. If users may still hold such passwords, follow these troubleshooting steps:
Identify the affected users: generate and download the IAM credential report (generate-credential-report, then get-credential-report) and select the console users whose password_last_changed date is earlier than the date the strong policy was applied.
Communicate the policy requirements: notify those users of the new rules and the deadline by which their password must be changed.
Provide guidance: point users to your SOP for choosing passwords and to MFA enrolment, which the password policy does not cover on its own.
Monitor and enforce compliance: force a reset for the affected users (update-login-profile with the password-reset-required option), re-run the credential report until no stale passwords remain, and alert on the UpdateAccountPasswordPolicy and DeleteAccountPasswordPolicy events in CloudTrail so that the policy itself cannot be weakened unnoticed.
Necessary Codes:
The snippets below are AWS CLI calls to the IAM UpdateAccountPasswordPolicy API. One point matters before running any of them: the API does not support partial updates. Every call replaces the whole account policy, and any parameter left out reverts to its default value. Running Codes 1 to 5 as five separate commands therefore leaves only the last setting in effect. Use them to understand each flag, then apply all of them together in a single command (Code 6).
Code 1: Minimum Password Length
aws iam update-account-password-policy --minimum-password-length 12
Sets the minimum password length to 12 characters (IAM accepts values from 6 to 128). Adjust the value to your SOP.
Code 2: Require Upper and Lowercase Letters
aws iam update-account-password-policy --require-uppercase-characters --require-lowercase-characters
Uppercase and lowercase are separate flags; --require-uppercase-characters on its own does not require lowercase letters.
Code 3: Require Numbers
aws iam update-account-password-policy --require-numbers
Requires at least one digit in each password.
Code 4: Require Symbol Characters
aws iam update-account-password-policy --require-symbols
Requires at least one non-alphanumeric character from the set IAM allows.
Code 5: Prevent Password Reuse
aws iam update-account-password-policy --password-reuse-prevention 5
Prevents users from reusing their most recent 5 passwords (IAM accepts values from 1 to 24). Modify the value as necessary.
Code 6: Apply the Whole Policy in One Call
aws iam update-account-password-policy --minimum-password-length 12 --require-uppercase-characters --require-lowercase-characters --require-numbers --require-symbols --password-reuse-prevention 5
This is the form to run. Add --max-password-age followed by a number of days to the same call if your SOP requires password aging (the "periodically revised" control in §11.300), and add --allow-users-to-change-password if users are to rotate their own passwords; both revert to their defaults in any later call that omits them.
Step-by-Step Guide for Remediation:
Follow the steps below to implement or update the IAM user password policy with strong configurations:
Access your IAM management console (Account settings) or the AWS CLI, using a principal allowed to call iam:UpdateAccountPasswordPolicy.
Decide every field of the policy in one place before writing it: minimum length, uppercase, lowercase, numbers, symbols, reuse prevention, maximum password age and whether users may change their own password. The policy can only be written as a whole, so a partial write silently resets the fields you did not mention.
Configure the minimum password length, enforce uppercase and lowercase letters, mandate numbers, require symbol characters and prevent password reuse with a single update-account-password-policy call that carries all of the flags from the codes above.
Verify the stored policy with get-account-password-policy and confirm that each field matches what you decided.
Monitor compliance: re-check the policy on a schedule and alert on UpdateAccountPasswordPolicy and DeleteAccountPasswordPolicy events in CloudTrail.
Troubleshoot non-compliant users: the policy applies only at the next password change, so use the credential report to find users whose passwords were set before the change and force a reset for them.
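The following script is an added example for the troubleshooting steps and the remediation guide above; it is not code from the original page or from AWS. It compares the JSON that get-account-password-policy returns with a baseline, builds the single update-account-password-policy command that sets every field at once (so nothing reverts to a default), and reads a credential report to find users whose passwords predate the policy and need a forced reset. The baseline numbers are assumptions to be taken from your own SOP, and the two policy responses and the credential report in the block are constructed sample data.

```python
"""Audit an IAM account password policy, build the one-shot update command,
and find users who must reset. Added example; baseline values and all sample
data below are assumptions/constructed, not taken from the original page."""
import csv
import io
from datetime import datetime, timezone

# Assumed baseline; 21 CFR Part 11 does not fix these numbers, your SOP does.
BASELINE = {
    "MinimumPasswordLength": 14,       # IAM accepts 6..128
    "RequireUppercaseCharacters": True,
    "RequireLowercaseCharacters": True,
    "RequireNumbers": True,
    "RequireSymbols": True,
    "PasswordReusePrevention": 24,     # IAM accepts 1..24
    "MaxPasswordAge": 90,              # days; IAM accepts 1..1095
    "AllowUsersToChangePassword": True,
    "HardExpiry": False,
}

# get-account-password-policy response key -> update-account-password-policy flag
FLAGS = {
    "MinimumPasswordLength": "--minimum-password-length",
    "RequireUppercaseCharacters": "--require-uppercase-characters",
    "RequireLowercaseCharacters": "--require-lowercase-characters",
    "RequireNumbers": "--require-numbers",
    "RequireSymbols": "--require-symbols",
    "PasswordReusePrevention": "--password-reuse-prevention",
    "MaxPasswordAge": "--max-password-age",
    "AllowUsersToChangePassword": "--allow-users-to-change-password",
    "HardExpiry": "--hard-expiry",
}

# Constructed samples in the shape `aws iam get-account-password-policy` returns.
WEAK_POLICY = {"PasswordPolicy": {
    "MinimumPasswordLength": 8, "RequireSymbols": False, "RequireNumbers": True,
    "RequireUppercaseCharacters": True, "RequireLowercaseCharacters": False,
    "AllowUsersToChangePassword": True, "ExpirePasswords": False, "HardExpiry": False}}
STRONG_POLICY = {"PasswordPolicy": dict(BASELINE, ExpirePasswords=True)}

# Constructed credential report (real reports carry more columns than these).
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_changed,password_next_rotation,mfa_active
<root_account>,arn:aws:iam::123456789012:root,2020-01-01T00:00:00+00:00,not_supported,2020-01-01T00:00:00+00:00,not_supported,true
alice,arn:aws:iam::123456789012:user/alice,2021-03-01T00:00:00+00:00,true,2023-11-02T09:15:00+00:00,N/A,true
bob,arn:aws:iam::123456789012:user/bob,2022-06-10T00:00:00+00:00,true,2024-02-20T13:40:00+00:00,2024-05-20T13:40:00+00:00,true
carol,arn:aws:iam::123456789012:user/carol,2022-06-10T00:00:00+00:00,false,not_supported,not_supported,false
"""
POLICY_SET_AT = datetime(2024, 1, 15, tzinfo=timezone.utc)  # assumed: when the policy was applied


def find_gaps(response, baseline=BASELINE):
    """Compare a get-account-password-policy response with the baseline.
    Returns a list of findings; an empty list means the policy is compliant."""
    policy = (response or {}).get("PasswordPolicy")
    if policy is None:  # the CLI raises NoSuchEntity here; treat as a finding
        return ["no custom password policy set; AWS account defaults apply"]
    findings = []
    for key, want in baseline.items():
        have = policy.get(key)
        if key == "MaxPasswordAge":
            # Absent age or ExpirePasswords=false means passwords never expire.
            ok = bool(policy.get("ExpirePasswords")) and have is not None and have <= want
        elif isinstance(want, bool):
            ok = bool(have) is want
        else:
            ok = have is not None and have >= want
        if not ok:
            findings.append(f"{key}: have {have!r}, want {want!r}")
    return findings


def build_update_command(baseline=BASELINE):
    """Build ONE update-account-password-policy invocation. The API does no
    partial updates: any flag left out reverts to its default, so every field
    goes into a single call rather than one call per setting."""
    argv = ["aws", "iam", "update-account-password-policy"]
    for key, value in baseline.items():
        flag = FLAGS[key]
        if isinstance(value, bool):
            argv.append(flag if value else flag.replace("--", "--no-", 1))
        else:
            argv += [flag, str(value)]
    return argv


def users_needing_reset(credential_report_csv, policy_set_at):
    """IAM applies the policy only when a password is next changed. From the
    decoded credential report, list console users whose password was last
    changed before the policy took effect; root and users without a console
    password are skipped."""
    stale = []
    for row in csv.DictReader(io.StringIO(credential_report_csv)):
        if row["password_enabled"] != "true":
            continue
        if datetime.fromisoformat(row["password_last_changed"]) < policy_set_at:
            stale.append(row["user"])
    return stale


if __name__ == "__main__":
    for name, resp in (("weak", WEAK_POLICY), ("strong", STRONG_POLICY)):
        print(name, find_gaps(resp) or "compliant")
    print(" ".join(build_update_command()))
    print("force reset for:", users_needing_reset(SAMPLE_REPORT, POLICY_SET_AT))
```

To run it against a real account, feed find_gaps the parsed output of aws iam get-account-password-policy, and feed users_needing_reset the credential report obtained with aws iam generate-credential-report followed by aws iam get-credential-report (the Content field is base64-encoded CSV). The command that build_update_command returns is the form to execute: every flag is present, so a later audit compares the stored policy with the same baseline dictionary and nothing is reset by omission.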
By following these steps and using the provided code snippets, you can implement or update strong password policies for IAM users, aligning with the requirements of GxP 21 CFR Part 11 regulations.