ram-password-policy-check

更新时间:
复制 MD 格式

Evaluates whether RAM user password policy parameters match the specified values. Compliant if all values match.

Scenarios

Use this rule to enforce RAM user password policies, including password length, validity period, and historical password checks. Strong password policies reduce the risk of identity theft and protect your account.

Risk level

Default risk level: high.

You can change the risk level when you apply this rule.

Compliance evaluation logic

  • If all password policy parameters match the specified values, the evaluation result is Compliant.
  • If any password policy parameter does not match, the evaluation result is Incompliant. Remediate incompliant configurations in Incompliance remediation.

Rule details

Item Description
Rule name ram-password-policy-check
Rule identifier ram-password-policy-check
Tag RAM and User
Automatic remediation Supported
Trigger type Periodic execution
Evaluation frequency Every 24 hours
Supported resource type Alibaba Cloud account
Input parameter
  • hardExpire. Default value: true.
  • maxLoginAttemps. Default value: 5.
  • maxPasswordAge. Default value: 90.
  • minimumPasswordLength. Default value: 8.
  • passwordReusePrevention. Default value: 3.
  • requireLowercaseCharacters. Default value: true.
  • requireNumbers. Default value: true.
  • requireSymbols. Default value: true.
  • requireUppercaseCharacters. Default value: true.

Incompliance remediation

Modify the RAM user password policy. Configure a password policy for RAM users.