<  Back to rules search

IAM password policy prevents password reuse

iam

Description

IAM password policies can prevent the reuse of a given password by the same user. It is recommended that the password policy prevent the reuse of passwords.

Rationale

Preventing password reuse increases account resiliency against brute force login attempts.

Remediation

See the CIS AWS Foundations Benchmark controls docs for console remediation steps.

Impact

None

Default value

None

References

  1. CCE-78908-1
  2. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html
  3. https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#configure-strong-password-policy

CIS controls

4.4 Use unique passwords where multi-factor authentication is not supported (such as local administrator, root, or service accounts), accounts will use passwords that are unique to that system.