
Ensure IAM Password Policy Minimum Length Rule

This rule ensures IAM password policy requires a minimum length of 14 characters or greater.

Rule: Ensure IAM password policy requires a minimum length of 14 or greater
Framework: NIST 800-53 Revision 5
Severity: Critical

IAM Password Policy: Minimum Length of 14 or Greater (NIST 800-53 Revision 5)

Description:

The IAM password policy is a configuration setting in the AWS Identity and Access Management (IAM) service that defines the requirements and restrictions for user passwords. This rule aims to enforce a strong password policy by ensuring that the minimum length of each user's password is 14 or greater. Adhering to this policy helps protect user accounts from unauthorized access, reduces the risk of password cracking, and aligns with the security recommendations outlined in NIST 800-53 Revision 5.

Troubleshooting Steps:

If you are unable to set the IAM password policy minimum length to 14 or greater, follow these troubleshooting steps:

  1. Verify IAM permissions: Make sure that the user or role performing the change has the necessary IAM permissions to modify the password policy. The required permission is iam:UpdateAccountPasswordPolicy. Check the IAM policy attached to the user or role and ensure it includes this permission.

  2. Check existing password policy: Verify the current IAM password policy by navigating to the IAM management console and selecting "Account settings." Ensure that the minimum password length is set to 14 or a higher value.

  3. Confirm account settings: Check whether the AWS account administrator has set any specific limitations on password policy rules that may override the default settings. Contact the account administrator or refer to any internal documentation to determine if there are any additional constraints.

Necessary code:

No specific code is required for this rule. The configuration is managed through the IAM management console or AWS CLI.

Remediation Steps:

Follow these steps to remediate the IAM password policy and set the minimum length of 14 or greater for user passwords:

  1. Open the IAM management console.

  2. Click on "Account settings" in the left sidebar.

  3. In the "Password policy" section, click on the "Edit" button.

  4. Set "Minimum password length" to 14 or a higher value.

  5. (Optional) Modify other password policy settings as needed, such as requiring at least one uppercase letter, lowercase letter, number, or special character.

  6. Click on the "Apply password policy" button to save the changes.

  7. Confirm the updated password policy by reviewing the "Account settings" page.
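The check in troubleshooting step 2 and the remediation above can also be done from the AWS CLI rather than the console. The following is an added example, not code from the rule page or from Cloud Defense: it evaluates the "PasswordPolicy" object returned by aws iam get-account-password-policy against the 14-character threshold, treats a missing policy (the API's NoSuchEntity case, where AWS falls back to its default minimum of 8) as non-compliant, and builds the aws iam update-account-password-policy command that raises the minimum length. The command builder re-states the existing settings because update-account-password-policy resets every option you omit to its default. The sample response is constructed; the optional fetch_live_policy helper assumes boto3 is installed and credentials are configured.

```python
"""Audit and remediate the IAM account password policy minimum-length rule.

Added example; not part of the original rule page. The evaluation and the
command builder work on a policy dict and need no network; fetch_live_policy
is optional and assumes boto3 plus configured AWS credentials.
"""
import json
import shlex

MIN_LENGTH = 14  # threshold required by the rule

# PasswordPolicy keys -> update-account-password-policy options. Every option
# left out of that call is reset to its default, so existing values are carried
# over explicitly. ExpirePasswords is read-only and therefore not listed.
_BOOL_FLAGS = {
    "RequireSymbols": "require-symbols",
    "RequireNumbers": "require-numbers",
    "RequireUppercaseCharacters": "require-uppercase-characters",
    "RequireLowercaseCharacters": "require-lowercase-characters",
    "AllowUsersToChangePassword": "allow-users-to-change-password",
    "HardExpiry": "hard-expiry",
}
_INT_FLAGS = {
    "MaxPasswordAge": "max-password-age",
    "PasswordReusePrevention": "password-reuse-prevention",
}


def evaluate_password_policy(policy):
    """Return (compliant, finding) for a PasswordPolicy dict.

    Pass None when get-account-password-policy reports NoSuchEntity: no custom
    policy exists, AWS applies its default minimum of 8, so the account fails.
    """
    if policy is None:
        return False, "no account password policy is set; AWS default (8) applies"
    length = policy.get("MinimumPasswordLength")
    if not isinstance(length, int):
        return False, "MinimumPasswordLength missing from policy"
    if length < MIN_LENGTH:
        return False, f"MinimumPasswordLength is {length}, rule requires >= {MIN_LENGTH}"
    return True, f"MinimumPasswordLength is {length}"


def remediation_command(policy):
    """Build the CLI command that raises the minimum length to MIN_LENGTH
    while preserving the other settings of the existing policy."""
    policy = policy or {}
    length = max(MIN_LENGTH, policy.get("MinimumPasswordLength", 0))
    args = ["aws", "iam", "update-account-password-policy",
            "--minimum-password-length", str(length)]
    for key, flag in _BOOL_FLAGS.items():
        if key in policy:
            args.append(f"--{flag}" if policy[key] else f"--no-{flag}")
    for key, flag in _INT_FLAGS.items():
        if key in policy:
            args += [f"--{flag}", str(policy[key])]
    return shlex.join(args)


def fetch_live_policy():
    """Read the real account policy with boto3 (assumed installed); returns
    None when the account has no custom policy."""
    import boto3
    iam = boto3.client("iam")
    try:
        return iam.get_account_password_policy()["PasswordPolicy"]
    except iam.exceptions.NoSuchEntityException:
        return None


# Constructed sample shaped like a get-account-password-policy response;
# its minimum length of 8 is below the rule's threshold.
SAMPLE_RESPONSE = json.loads("""
{"PasswordPolicy": {"MinimumPasswordLength": 8, "RequireSymbols": true,
 "RequireNumbers": true, "RequireUppercaseCharacters": false,
 "RequireLowercaseCharacters": true, "AllowUsersToChangePassword": true,
 "ExpirePasswords": true, "MaxPasswordAge": 90, "PasswordReusePrevention": 24,
 "HardExpiry": false}}
""")

if __name__ == "__main__":
    current = SAMPLE_RESPONSE["PasswordPolicy"]  # swap for fetch_live_policy()
    ok, finding = evaluate_password_policy(current)
    print("compliant" if ok else "NON-COMPLIANT", "-", finding)
    if not ok:
        print("remediate with:", remediation_command(current))
```

Run it against the live account by replacing the sample with fetch_live_policy(); the printed command can be reviewed before it is executed, which matters because omitting an option from update-account-password-policy silently resets that option to its default.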

Additional Notes:

  • Enforcing a strong password policy is crucial for maintaining the security of AWS accounts. Consider implementing other password requirements such as complexity rules and password rotation policies for enhanced security.
  • Regularly review and update the password policy to align with any new security recommendations or best practices.
  • Consider using AWS CloudTrail to capture and log all security-related actions, including changes to IAM password policies, for audit and compliance purposes.
