top of page
IAM.17
Ensure IAM password policy expires passwords within 90 days or less
Severity
Cloud Platforms
Resources
Related Standards
Automated
LOW
AWS
AWS Identity and Access Management
AWS CIS Foundations v1.2, AWS Foundational Technical Review, CDR, ISO27001, SOC2, NIST CSF,
YES
IAM password policies can require passwords to be rotated or expired after a given number of days. It is recommended that the password policy expire passwords after 90 days or less.
bottom of page