aws_compliance

AWS Compliance

Password policies, in part, enforce password complexity requirements. Use IAM password policies to ensure that passwords are at least a given length. Security Hub recommends that the password policy require a minimum password length of 14 characters.

iam_account_password_policy_min_length_14

nist_800_53_rev_5_ac_2_1

AC-2(1) Automated System Account Management

fedramp_moderate_rev_4_ac_2_1

nist_800_53_rev_5_ac_2_3

AC-2(3) Disable Accounts

fedramp_moderate_rev_4_ac_2_3

AC-2(3) Disable Inactive Accounts

nist_800_53_rev_5_ac_2_3_a

AC-2(3)(a)

nist_800_53_rev_5_ac_2_3_b

AC-2(3)(b)

nist_800_53_rev_5_ac_2_3_c

AC-2(3)(c)

nist_800_53_rev_5_ac_2_3_d

AC-2(3)(d)

nist_800_53_rev_5_ac_2_d_1

AC-2(d)(1)

fedramp_moderate_rev_4_ac_2_f

AC-2(f)

fedramp_moderate_rev_4_ac_2_j

AC-2(j)

nist_800_53_rev_5_ac_3_12_a

AC-3(12)(a)

nist_800_53_rev_5_ac_3_13

AC-3(13) Attribute-Based Access Control

nist_800_53_rev_5_ac_3_15_a

AC-3(15)(a)

nist_800_53_rev_5_ac_3_15_b

AC-3(15)(b)

nist_800_53_rev_5_ac_3_3

AC-3(3) Mandatory Access Control

nist_800_53_rev_5_ac_3_3_a

AC-3(3)(a)

nist_800_53_rev_5_ac_3_3_b_1

AC-3(3)(b)(1)

nist_800_53_rev_5_ac_3_3_b_2

AC-3(3)(b)(2)

nist_800_53_rev_5_ac_3_3_b_3

AC-3(3)(b)(3)

nist_800_53_rev_5_ac_3_3_b_4

AC-3(3)(b)(4)

nist_800_53_rev_5_ac_3_3_b_5

AC-3(3)(b)(5)

nist_800_53_rev_5_ac_3_3_c

AC-3(3)(c)

nist_800_53_rev_5_ac_3_4

AC-3(4) Discretionary Access Control

nist_800_53_rev_5_ac_3_4_a

AC-3(4)(a)

nist_800_53_rev_5_ac_3_4_b

AC-3(4)(b)

nist_800_53_rev_5_ac_3_4_c

AC-3(4)(c)

nist_800_53_rev_5_ac_3_4_d

AC-3(4)(d)

nist_800_53_rev_5_ac_3_4_e

AC-3(4)(e)

nist_800_53_rev_5_ac_3_8

AC-3(8) Revocation Of Access Authorizations

nist_800_53_rev_5_ac_4_28

AC-4(28) Linear Filter Pipelines

fedramp_moderate_rev_4_ac_5_c

AC-5(c)

nist_800_53_rev_5_ac_7_4

AC-7(4) Use Of Alternate Authentication Factor

nist_800_53_rev_5_ac_7_4_a

AC-7(4)(a)

nist_800_53_rev_5_ac_24

Access Control Decisions (AC-24)

fedramp_low_rev_4_ac_2

Account Management (AC-2)

article_25

Article 25 Data protection by design and by default

nist_800_53_rev_5_ia_5

Authenticator Management (IA-5)

nist_800_53_rev_5_cm_12_b

CM-12(b)

nist_800_53_rev_5_cm_5_1_a

CM-5(1)(a)

nist_800_53_rev_5_cm_6_a

CM-6(a)

nist_800_53_rev_5_cm_9_b

CM-9(b)

nist_800_53_rev_5_ia_4_d

IA-4(d)

fedramp_moderate_rev_4_ia_5_1_a_d_e

IA-5(1)(a)(d)(e)

nist_800_53_rev_5_ia_5_1_f

IA-5(1)(f)

nist_800_53_rev_5_ia_5_1_g

IA-5(1)(g)

nist_800_53_rev_5_ia_5_1_h

IA-5(1)(h)

nist_800_53_rev_5_ia_5_18_a

IA-5(18)(a)

nist_800_53_rev_5_ia_5_18_b

IA-5(18)(b)

fedramp_moderate_rev_4_ia_5_4

IA-5(4) Automated Support For Password Strength Determination

nist_800_53_rev_5_ia_5_b

IA-5(b)

nist_800_53_rev_5_ia_5_c

IA-5(c)

nist_800_53_rev_5_ia_5_d

IA-5(d)

nist_800_53_rev_5_ia_5_f

IA-5(f)

nist_800_53_rev_5_ia_5_h

IA-5(h)

nist_800_53_rev_5_ia_8_2_b

IA-8(2)(b)

all_controls_iam

fedramp_moderate_rev_4_ia_2

Identification and Authentication (Organizational users) (IA-2)

fedramp_low_rev_4_ia_2

nist_800_53_rev_5_ma_4_c

MA-4(c)

nist_800_53_rev_5_sc_23_3

SC-23(3) Unique System-Generated Session Identifiers

Ensure IAM password policy requires a minimum length of 14 or greater

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, FFIEC, PCI, NIST, HIPAA, RBI CSF, GDPR, SOC 2, Audit Manager Control Tower, FedRAMP, GxP and AWS Foundational Security Best Practices controls across all your AWS accounts using Powerpipe and Steampipe.

Apache License 2.0

steampipe-mod-aws-compliance

Control: Ensure IAM password policy requires a minimum length of 14 or greater

Description

Usage

SQL

Tags