turbot/oci_compliance

Control: 1.4 Ensure IAM password policy requires minimum length of 14 or greater

Description

Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are at least a certain length and are composed of certain characters. It is recommended the password policy require a minimum password length 14 characters and contain 1 non-alphabetic character (Number or “Special Character”).

Remediation

From Console

OCI Native IAM

  1. Login to OCI Console.
  2. Go to Identity in the Services menu.
  3. Select Authentication Settings from the Identity menu.
  4. Click Edit in the middle of the page.
  5. Type the number 14 into the box below the text: MINIMUM PASSWORD LENGTH (IN CHARACTERS).
  6. Select checkbox next to MUST CONTAIN AT LEAST 1 SPECIAL CHARACTER OR MUST CONTAIN AT LEAST 1 NUMERIC CHARACTER.

OCI Identity Cloud Service (IDCS)

  1. Login to IDCS Admin Console.
  2. Expand the Navigation Drawer, click Settings, and then click Password Policy.
  3. Click on Change Your Password Policy button.
  4. Update the Password length min size setting to 14.
  5. Click Save.
  6. Under The password must contain these characters section, update the number given in Special min setting to 1 or Under The password must contain these characters section, update the number given in Numeric min setting to 1.
  7. Click Save.

Usage

Run the control in your terminal:

powerpipe control run oci_compliance.control.cis_v120_1_4

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run oci_compliance.control.cis_v120_1_4 --share

SQL

This control uses a named query:

identity_authentication_password_policy_strong_min_length_14

Tags