Control: 1.12 Ensure RAM password policy prevents password reuse
Description
It is recommended that the password policy prevent the reuse of passwords.
Remediation
Perform the following to set the password policy as expected:
From Console
- Logon to RAM console.
- Choose
Identities > Settings. - In the
Password Strength Settingssection, click EditPassword Rule. - In the
Password History Check Policyfield, enter5. - Click
OK.
From Command Line
aliyun ram SetPasswordPolicy --PasswordReusePrevention 5
Usage
Run the control in your terminal:
powerpipe control run alicloud_compliance.control.cis_v100_1_12Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run alicloud_compliance.control.cis_v100_1_12 --shareSQL
This control uses a named query:
select 'acs:ram::' || a.account_id as resource, case when password_reuse_prevention = 5 then 'ok' else 'alarm' end as status, case when minimum_password_length is null then 'No password policy set.' when password_reuse_prevention is null then 'Password reuse prevention not set.' else 'Password reuse prevention set to ' || password_reuse_prevention || '.' end as reason , a.account_id as account_idfrom alicloud_account as a left join alicloud_ram_password_policy as pol on a.account_id = pol.account_id;