AWS-IAM-Minimum-Password-Length

Severity: Medium

Description: This control ensures that option 'Minimum password length" is set to 14 or greater under password policy setting.  IAM password policies can be used to ensure password are at least a given length. It is recommended that the password policy require a minimum password length 14.

Remediation Steps:

Perform following to update IAM policy for IAM user :

1. Login to the AWS Management Console at https://console.aws.amazon.com.

2. Navigate to IAM console.

3. On the Left Pane, click on Account Settings.

4. Click on Update Password Policy.

5. Check Minimum password length value to 14 or greater.

6. Click Apply password policy.

Important:

Reference:

• CIS Amazon Web Services Foundations Benchmark v1.3.0 - 08-07-2020: Recommendation #1.8