Control: 1.4 Ensure IAM password policy requires minimum length of 14 or greater
Description
Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are at least a certain length and are composed of certain characters. It is recommended the password policy require a minimum password length 14 characters and contain 1 non-alphabetic character (Number or “Special Character”).
Remediation
From Console
OCI Native IAM
- Login to OCI Console.
- Go to
Identity
in the Services menu. - Select
Authentication Settings
from the Identity menu. - Click
Edit
in the middle of the page. - Type the number
14
into the box below the text:MINIMUM PASSWORD LENGTH (IN CHARACTERS)
. - Select checkbox next to
MUST CONTAIN AT LEAST 1 SPECIAL CHARACTER
ORMUST CONTAIN AT LEAST 1 NUMERIC CHARACTER
.
OCI Identity Cloud Service (IDCS)
- Login to IDCS Admin Console.
- Expand the Navigation Drawer, click
Settings
, and then clickPassword Policy
. - Click on
Change Your Password Policy
button. - Update the
Password length min size setting
to14
. - Click
Save
. - Under The
password must contain these characters
section, update the number given inSpecial min
setting to1
or Under Thepassword must contain these characters
section, update the number given inNumeric min
setting to1
. - Click
Save
.
Usage
Run the control in your terminal:
powerpipe control run oci_compliance.control.cis_v120_1_4
Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run oci_compliance.control.cis_v120_1_4 --share
SQL
This control uses a named query:
identity_authentication_password_policy_strong_min_length_14