Control: 1.11 Ensure RAM password policy requires minimum length of 14 or greater
Description
RAM password policies can be used to ensure password complexity. It is recommended that the password policy require a minimum of 14 or greater characters for any password.
Remediation
Perform the following to set the password policy:
From Console
- Logon to RAM console.
- Choose
Identities > Settings. - In the
Password Strength Settingssection, clickEdit Password Rule. - In the
Password Lengthfield, enter<14>or a greater number. - Click
OK.
From Command Line
aliyun ram SetPasswordPolicy --MinimumPasswordLength 14
Usage
Run the control in your terminal:
powerpipe control run alicloud_compliance.control.cis_v100_1_11Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run alicloud_compliance.control.cis_v100_1_11 --shareSQL
This control uses a named query:
select 'acs:ram::' || a.account_id as resource, case when minimum_password_length >= 14 then 'ok' else 'alarm' end as status, case when minimum_password_length is null then 'No password policy set.' else 'Minimum password length set to ' || minimum_password_length || '.' end as reason , a.account_id as account_idfrom alicloud_account as a left join alicloud_ram_password_policy as pol on a.account_id = pol.account_id;