Powerpipe Detection Mods →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-oci-compliance
Overview
3Dashboards
133Benchmarks
43Queries
2Variables
GitHub

Control: 1.4 Ensure IAM password policy requires minimum length of 14 or greater

Description

Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure password are at least a certain length and are composed of certain characters. It is recommended the password policy require a minimum password length 14 characters and contain 1 non-alphabetic character (Number or “Special Character”).

Remediation

From Console

OCI Native IAM

  1. Login to OCI Console.
  2. Go to Identity in the Services menu.
  3. Select Authentication Settings from the Identity menu.
  4. Click Edit in the middle of the page.
  5. Type the number 14 into the box below the text: MINIMUM PASSWORD LENGTH (IN CHARACTERS).
  6. Select checkbox next to MUST CONTAIN AT LEAST 1 SPECIAL CHARACTER OR MUST CONTAIN AT LEAST 1 NUMERIC CHARACTER.

OCI Identity Cloud Service (IDCS)

  1. Login to IDCS Admin Console.
  2. Expand the Navigation Drawer, click Settings, and then click Password Policy.
  3. Click on Change Your Password Policy button.
  4. Update the Password length min size setting to 14.
  5. Click Save.
  6. Under The password must contain these characters section, update the number given in Special min setting to 1 or Under The password must contain these characters section, update the number given in Numeric min setting to 1.
  7. Click Save.

Usage

Run the control in your terminal:

powerpipe control run oci_compliance.control.cis_v120_1_4

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run oci_compliance.control.cis_v120_1_4 --share

SQL

This control uses a named query:

select
  tenant_id as resource,
  case
    when
      minimum_password_length >= 14
      and (is_numeric_characters_required or is_special_characters_required)
    then 'ok'
    else 'alarm'
  end as status,
  case
    when minimum_password_length is null then 'No password policy set.'
    when
      minimum_password_length >= 14
      and (is_numeric_characters_required or is_special_characters_required)
    then 'Strong password policies configured.'
    else 'Strong password policies not configured.'
  end as reason
  , tenant_name as tenant
from
  oci_identity_authentication_policy;

Tags

category = Compliance
cis = true
cis_item_id = 1.4
cis_level = 1
cis_section_id = 1
cis_type = manual
cis_version = v1.2.0
plugin = oci
service = OCI/Identity