ACCT.06 Enforce a password policy - AWS Prescriptive Guidance

ACCT.06 Enforce a password policy

Users sign in to the AWS Management Console by providing sign-in credentials. AWS recommends requiring MFA for all users. Require that passwords adhere to a strong password policy to help prevent discovery through brute force or social engineering. For more information about password policy recommendations, see the Password policy guide on the Center for Internet Security (CIS) website.

Note

For a benchmark-aligned minimum password length, see AWS Security Hub control IAM.15, which references the CIS AWS Foundations Benchmark recommendation.

For IAM users, configure password requirements by creating a custom IAM password policy. For more information, see Set an account password policy for IAM users in the IAM documentation.

To create a custom password policy

  1. Open the IAM console.

  2. In the navigation pane, choose Account settings.

  3. In the Password policy section, choose Edit.

  4. Choose Custom to use a custom password policy.

  5. Select the options that you want to apply to your password policy and choose Save changes.

  6. Confirm that you want to set a custom password policy by choosing Set custom.
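The same requirements can be audited and applied outside the console. The following Python is an added example, not code from the AWS page: it checks the policy document returned by `aws iam get-account-password-policy` against a set of minimum requirements and builds the matching `aws iam update-account-password-policy` call. The 14-character minimum is the value Security Hub control IAM.15 checks; the other thresholds and both sample policies are this example's own assumptions.

```python
# Audit an IAM account password policy document. The policy dict has the
# shape of the "PasswordPolicy" object printed by
# `aws iam get-account-password-policy`. Both samples below are constructed.
import json
import re

# Thresholds checked here. 14 is the minimum length Security Hub control
# IAM.15 enforces (from the CIS AWS Foundations Benchmark); the other
# values are this example's assumptions, not AWS defaults.
REQUIREMENTS = {
    "MinimumPasswordLength": 14, "RequireSymbols": True, "RequireNumbers": True,
    "RequireUppercaseCharacters": True, "RequireLowercaseCharacters": True,
    "AllowUsersToChangePassword": True, "PasswordReusePrevention": 24,
}

def audit_password_policy(policy, requirements=REQUIREMENTS):
    """Return a list of findings; an empty list means every requirement is met."""
    findings = []
    for key, wanted in requirements.items():
        actual = policy.get(key)
        if isinstance(wanted, bool):
            if bool(actual) != wanted:
                findings.append(f"{key} is {actual}, expected {wanted}")
        # IAM omits numeric keys such as PasswordReusePrevention when they are
        # unset, so a missing value counts as 0.
        elif (actual or 0) < wanted:
            findings.append(f"{key} is {actual}, expected at least {wanted}")
    return findings

def audit_cli_output(text, requirements=REQUIREMENTS):
    """Audit the raw JSON printed by `aws iam get-account-password-policy`."""
    return audit_password_policy(json.loads(text)["PasswordPolicy"], requirements)

def update_command(requirements=REQUIREMENTS):
    """Build the `aws iam update-account-password-policy` call that applies the
    requirements; API keys map to CLI flags as CamelCase -> kebab-case."""
    parts = ["aws", "iam", "update-account-password-policy"]
    for key, wanted in requirements.items():
        name = re.sub(r"(?<!^)([A-Z])", r"-\1", key).lower()
        if wanted is True:
            parts.append("--" + name)
        elif wanted is False:
            parts.append("--no-" + name)
        else:
            parts.append(f"--{name} {wanted}")
    return " ".join(parts)

# Constructed samples: a weak policy and one that satisfies REQUIREMENTS.
WEAK_POLICY = {"MinimumPasswordLength": 8, "RequireSymbols": False, "RequireNumbers": True,
               "RequireUppercaseCharacters": False, "RequireLowercaseCharacters": True,
               "AllowUsersToChangePassword": False, "ExpirePasswords": False}
STRONG_POLICY = dict(WEAK_POLICY, MinimumPasswordLength=14, RequireSymbols=True,
                     RequireUppercaseCharacters=True, AllowUsersToChangePassword=True,
                     PasswordReusePrevention=24)
```

Piping the live CLI output into `audit_cli_output` gives a quick check of the account's current setting before and after applying the generated command.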