
Rule: Password Policies for IAM Users

Ensure strong configurations are in place for IAM user passwords.

Rule: Password policies for IAM users should have strong configurations
Framework: GxP 21 CFR Part 11
Severity: Critical

Password Policies for IAM Users with Strong Configurations for GxP 21 CFR Part 11

Description:

To ensure security and compliance with GxP 21 CFR Part 11 regulations, it is essential to enforce strong password policies for IAM (Identity and Access Management) users. In AWS, this is done with the account password policy, a single account-wide setting that governs the console sign-in passwords of IAM users (it does not cover access keys or the root user's password). A strong policy raises the cost of password guessing and credential stuffing against the console and prevents unauthorized access to systems and data.

Troubleshooting Steps:

If users are still signing in with passwords that do not meet the policy, remember that the account password policy is enforced only when a password is set or changed; passwords that already exist are not checked retroactively. Follow these troubleshooting steps:

  1. Identify the affected users: generate the IAM credential report and look at each user's password-last-changed date to find passwords set before the policy was strengthened. Administrators cannot read passwords, so password age is the signal to use.

  2. Communicate the policy requirements: send reminders or notifications to the affected users, informing them about the password policy and the change they need to make.

  3. Provide guidance: offer guidelines or best practices on creating strong passwords so users understand why the policy exists.

  4. Monitor and enforce compliance: set a maximum password age in the policy (with hard expiry if your process requires an administrator to re-enable expired users) so that every user is forced through the new rules on their next rotation, reset the console password of any user who does not act, and re-check the credential report on a schedule.

Necessary Codes:

The snippets below configure the AWS account password policy for IAM users through the AWS CLI. One caveat applies to all of them: update-account-password-policy replaces the entire policy on every call, and any option you leave out reverts to its default. The snippets are shown one option at a time so that each option can be explained; in practice, pass all of the options you need in a single invocation (see the remediation steps) rather than running them one after another. Other IAM implementations have equivalent settings but different commands.

Code 1: Minimum Password Length

aws iam update-account-password-policy --minimum-password-length 12

This code sets the minimum password length to 12 characters. Adjust the value as per your specific requirements.

Code 2: Require Upper and Lowercase Letters

aws iam update-account-password-policy --require-uppercase-characters --require-lowercase-characters

Uppercase and lowercase requirements are separate options; --require-uppercase-characters on its own does not require any lowercase letters. Pass both to enforce a mix of cases.

Code 3: Require Numbers

aws iam update-account-password-policy --require-numbers

This code mandates the inclusion of numeric characters in passwords.

Code 4: Require Symbol Characters

aws iam update-account-password-policy --require-symbols

This code ensures the usage of symbol characters in passwords.

Code 5: Prevent Password Reuse

aws iam update-account-password-policy --password-reuse-prevention 5

This code prevents users from reusing any of their most recent 5 passwords. The value can be set between 1 and 24; modify it as necessary.

Step-by-Step Guide for Remediation:

Follow the steps below to implement or update the IAM user password policies with strong configurations:

  1. Access the AWS CLI with credentials that are permitted to call iam:UpdateAccountPasswordPolicy, or open the account settings page of the IAM console.

  2. Decide on the required settings: minimum password length (Code 1), uppercase and lowercase characters (Code 2), numbers (Code 3), symbols (Code 4) and reuse prevention (Code 5), plus a maximum password age if your procedure requires rotation.

  3. Apply them in a single command: combine the options from Codes 1 to 5 into one update-account-password-policy invocation. Running the snippets one at a time does not accumulate settings; each call replaces the whole policy, so only the option from the last command run would remain in effect.

  4. Verify the result: read the policy back with the CLI's get-account-password-policy command (or in the console) and confirm that every option is set as intended.

  5. Monitor compliance: the policy applies the next time a password is set or changed, so review the IAM credential report for passwords that predate the change and force rotation where needed.

  6. Troubleshoot non-compliant users: follow the troubleshooting steps provided earlier to identify and address non-compliant users.

By following these steps and using the provided code snippets, you can implement or update strong password policies for IAM users, aligning with the requirements of GxP 21 CFR Part 11 regulations.
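Worked example, added here and not part of the CloudDefense rule page or the AWS CLI: a Python script that evaluates the JSON returned by get-account-password-policy against the settings recommended above and builds the single update-account-password-policy command that applies all of them at once. The threshold values (12 characters, 5-password history, 90-day maximum age), the function names and the sample policy document are this example's own assumptions; the JSON field names are the ones the AWS CLI returns.

```python
"""Check an AWS IAM account password policy against a strong baseline and
build the one CLI call that applies it.

Added example; not CloudDefense's or AWS's own code. Thresholds below are
assumptions; field names match `aws iam get-account-password-policy` output.
"""
import json
import shlex
import sys

# Assumed baseline. Adjust to your organisation's written password policy.
REQUIRED = {
    "MinimumPasswordLength": 12,
    "RequireUppercaseCharacters": True,
    "RequireLowercaseCharacters": True,
    "RequireNumbers": True,
    "RequireSymbols": True,
    "PasswordReusePrevention": 5,
    "MaxPasswordAge": 90,
}

# CLI option for each policy field (real update-account-password-policy flags).
FLAGS = {
    "MinimumPasswordLength": "--minimum-password-length",
    "RequireUppercaseCharacters": "--require-uppercase-characters",
    "RequireLowercaseCharacters": "--require-lowercase-characters",
    "RequireNumbers": "--require-numbers",
    "RequireSymbols": "--require-symbols",
    "PasswordReusePrevention": "--password-reuse-prevention",
    "MaxPasswordAge": "--max-password-age",
}


def evaluate_password_policy(response):
    """Return a list of findings; an empty list means the policy is compliant.

    `response` is the parsed JSON from `aws iam get-account-password-policy`,
    or None when that call failed with NoSuchEntity (no custom policy set).
    """
    if response is None:
        # No custom policy: AWS applies its default, which is weaker than the
        # baseline above, so every control is reported as missing.
        return [f"{k}: no account password policy is configured" for k in REQUIRED]
    policy = response.get("PasswordPolicy", {})
    findings = []
    for key, wanted in REQUIRED.items():
        actual = policy.get(key)
        if isinstance(wanted, bool):
            if actual is not True:
                findings.append(f"{key}: expected true, got {actual}")
        elif key == "MaxPasswordAge":
            # ExpirePasswords false (or no MaxPasswordAge) means passwords never expire.
            if not policy.get("ExpirePasswords") or actual is None or actual > wanted:
                findings.append(f"{key}: expected <= {wanted} days, got {actual}")
        elif actual is None or actual < wanted:
            findings.append(f"{key}: expected >= {wanted}, got {actual}")
    return findings


def build_update_command(settings=REQUIRED):
    """Return the argv that applies every setting in ONE call.

    The API replaces the whole policy, so any flag omitted from a call
    reverts to its default; never apply these options one command at a time.
    """
    argv = ["aws", "iam", "update-account-password-policy"]
    for key, flag in FLAGS.items():
        value = settings.get(key)
        if value is True:
            argv.append(flag)
        elif value not in (None, False):
            argv.extend([flag, str(value)])
    # Users must be able to rotate their own passwords once expiry is on.
    argv.append("--allow-users-to-change-password")
    return argv


# Constructed sample of a weak account's policy (not real account data).
WEAK_POLICY = json.loads("""{
  "PasswordPolicy": {
    "MinimumPasswordLength": 8,
    "RequireSymbols": false,
    "RequireNumbers": true,
    "RequireUppercaseCharacters": true,
    "RequireLowercaseCharacters": false,
    "AllowUsersToChangePassword": true,
    "ExpirePasswords": false
  }
}""")

if __name__ == "__main__":
    # Read real CLI output from stdin when piped; otherwise use the sample.
    response = WEAK_POLICY if sys.stdin.isatty() else json.load(sys.stdin)
    for finding in evaluate_password_policy(response):
        print("FAIL", finding)
    print("Apply with:", " ".join(shlex.quote(a) for a in build_update_command()))
```

Pipe the output of get-account-password-policy into the script, or run it without input to see the findings for the constructed weak policy. When the CLI returns NoSuchEntity, call evaluate_password_policy with None so the account is treated as running the AWS default policy. The command the script prints carries every option together, which is the only safe way to use update-account-password-policy.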
