Control: 1.8 Ensure RAM password policy requires at least one lowercase letter

Description

RAM password policies can be used to ensure password complexity. It is recommended that the password policy require at least one lowercase letter.

Remediation

Perform the following to set the password policy as expected:

Using the management console:

Logon to RAM console.
Choose Settings.
In the Password, click Modify.
In the Charset section, select Lower case.
Click OK.

Using the CLI:

aliyun ram SetPasswordPolicy --RequireLowercaseCharacters true

Default Value:

The default password policy does not enforce any charset in a password.

Usage

Run the control in your terminal:

powerpipe control run alicloud_compliance.control.cis_v200_1_8

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run alicloud_compliance.control.cis_v200_1_8 --share

SQL

This control uses a named query:

select
  'acs:ram::' || a.account_id as resource,
  case
    when require_lowercase_characters then 'ok'
    else 'alarm'
  end as status,
  case
    when minimum_password_length is null then 'No password policy set.'
    when require_lowercase_characters then 'Lowercase character required.'
    else 'Lowercase character not required.'
  end as reason
  , a.account_id as account_id
from
  alicloud_account as a
  left join alicloud_ram_password_policy as pol on a.account_id = pol.account_id;