Back to All Checks
Medium IAM

Password policies for IAM users should have strong configurations

NIST 800-53NIST 800-171ISO 27001PCI DSS v4.0.1HIPAA

Description

Checks if password policies for IAM users have strong AWS configurations.

Remediation

To ensure that password policies for IAM users have strong AWS configurations, follow these steps:

Steps

  1. Log into the AWS Management Console with an account that has administrative privileges.
  2. Navigate to the IAM dashboard.
  3. Select 'Account settings' from the navigation pane to access the password policy settings.
  4. Review and update the password policy to ensure it includes the following strong configurations:
  5. - Require at least one uppercase letter.
  6. - Require at least one lowercase letter.
  7. - Require at least one number.
  8. - Require at least one non-alphanumeric character.
  9. - Set a minimum password length of 8 characters.
  10. - Enable password expiration and set the maximum password age to 90 days or less.
  11. - Prevent password reuse by setting the number of remembered passwords to 24 or more.
  12. Save the updated password policy.
  13. Communicate the new password requirements to all IAM users and ensure they update their passwords accordingly.

Compliance

NIST 800-53NIST 800-171ISO 27001PCI DSS v4.0.1HIPAA
Start Your Free Security Check