IAM password policy has 14 or more characters

iam

Description

Password policies are, in part, used to enforce password complexity requirements. Use IAM password policies to ensure passwords are a minimum length. The password policy should require a minimum password length of 14 characters.

Rationale

Setting a password complexity policy increases account resiliency against brute-force login attempts.

Remediation

See the CIS AWS Foundations Benchmark controls docs for console remediation steps.
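For CLI-based checking and remediation, the following added example (not part of the original rule or the CIS docs) evaluates the JSON printed by `aws iam get-account-password-policy` against the 14-character minimum and builds the matching `aws iam update-account-password-policy` command. Because that update call does not support partial updates and resets unspecified settings to their defaults, the command restates the settings already in place. The function names and the sample policy are constructed for illustration.

```python
import json
import shlex

REQUIRED_MIN_LENGTH = 14  # threshold stated by this rule
# Boolean policy fields -> CLI flag (each also has a --no-<flag> form).
BOOL_FLAGS = {
    "RequireSymbols": "require-symbols",
    "RequireNumbers": "require-numbers",
    "RequireUppercaseCharacters": "require-uppercase-characters",
    "RequireLowercaseCharacters": "require-lowercase-characters",
    "AllowUsersToChangePassword": "allow-users-to-change-password",
    "HardExpiry": "hard-expiry",
}
# Integer fields, carried over only when set to a positive value.
INT_FLAGS = {"MaxPasswordAge": "max-password-age",
             "PasswordReusePrevention": "password-reuse-prevention"}

def load_policy(cli_output):
    """Parse get-account-password-policy JSON; None means NoSuchEntity (no policy)."""
    return json.loads(cli_output).get("PasswordPolicy", {}) if cli_output else None

def evaluate(cli_output):
    """Return (compliant, reason) for the 14-character minimum."""
    policy = load_policy(cli_output)
    if policy is None:
        return False, "no account password policy is set"
    length = policy.get("MinimumPasswordLength")
    if not isinstance(length, int) or length < REQUIRED_MIN_LENGTH:
        return False, f"MinimumPasswordLength is {length!r}, need {REQUIRED_MIN_LENGTH}"
    return True, f"MinimumPasswordLength is {length}"

def remediation_command(cli_output):
    """Restate every existing setting: the update replaces the whole policy."""
    policy = load_policy(cli_output) or {}
    target = max(REQUIRED_MIN_LENGTH, policy.get("MinimumPasswordLength") or 0)
    args = ["aws", "iam", "update-account-password-policy",
            "--minimum-password-length", str(target)]
    for field, flag in BOOL_FLAGS.items():
        if field in policy:
            args.append(f"--{flag}" if policy[field] else f"--no-{flag}")
    for field, flag in INT_FLAGS.items():
        if policy.get(field):
            args += [f"--{flag}", str(policy[field])]
    return shlex.join(args)

# Constructed sample output, not taken from a real account.
SAMPLE = json.dumps({"PasswordPolicy": {
    "MinimumPasswordLength": 8, "RequireSymbols": True, "RequireNumbers": False,
    "MaxPasswordAge": 90, "PasswordReusePrevention": 5}})
```

Review the generated command before running it, since any setting not listed in it reverts to its default.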

Impact

None

Default value

None

References

  1. CCE-78907-3
  2. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html
  3. https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#configure-strong-password-policy

CIS controls

Version 7, 16 - Account Monitoring and Control