IAM.15

Ensure IAM password policy requires minimum password length of 14 or greater

Severity

Cloud Platforms

Resources

Related Standards

Automated

MEDIUM

AWS

AWS Identity and Access Management

AWS CIS Foundations v1.2 & v1.4, AWS Well-Architected, CDR, ISO27001, SOC2, NIST CSF,

YES

Password policies are, in part, used to enforce password complexity requirements. IAM password policies can be used to ensure passwords are at least a given length. It is recommended that the password policy require a minimum password length 14.