Azure and GCP Perimeter Security, CIS Updates, and Enhanced Plugins →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-oci-compliance
Overview
3Dashboards
133Benchmarks
43Queries
2Variables
GitHub

Control: 1.6 Ensure IAM password policy prevents password reuse

Description

IAM password policies can prevent the reuse of a given password by the same user. It is recommended the password policy prevent the reuse of passwords.

Enforcing password history ensures that passwords are not reused in for a certain period of time by the same user. If a user is not allowed to use last 24 passwords, that window of time is greater. This helps maintain the effectiveness of password security.

Remediation

OCI IAM without Identity Domains - Identity Cloud Service (IDCS)

  1. Login to IDCS Admin Console.
  2. Expand the Navigation Drawer, click Settings, and then click Password Policy.
  3. Click on Change Your Password Policy button.
  4. Update the number of remembered passwords in Previous passwords remembered setting to 24 or greater.

OCI IAM with Identity Domains

  1. Go to Identity Domains: https://cloud.oracle.com/identity/domains/.
  2. Select the Compartment the Domain to remediate is in.
  3. Click on the Domain to remediate.
  4. Click on Settings.
  5. Click on Password policy to remediate.
  6. Click Edit password rules.
  7. Update the number of remembered passwords in Previous passwords remembered setting to 24 or greater.

Usage

Run the control in your terminal:

powerpipe control run oci_compliance.control.cis_v200_1_6

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run oci_compliance.control.cis_v200_1_6 --share

SQL

This control uses a named query:

select
  id as resource,
  'info' as status,
  'Manual verification required.' as reason,
  name
from
  oci_identity_tenancy;

Tags

category = Compliance
cis = true
cis_item_id = 1.6
cis_level = 1
cis_section_id = 1
cis_type = manual
cis_version = v2.0.0
plugin = oci
service = OCI/Identity