Checks whether the parameter values of a password policy that is configured for each RAM user are the same as the specified values. If so, the evaluation result is Compliant.

Scenarios

This rule applies when you need to configure a password policy for a RAM user. The parameters of a password policy include the password length, password validity period, and historical password check policy. Suitable password policies help reduce the risk of identity theft and protect your account.

Risk level

Default risk level: high.

When you apply this rule, you can change the risk level based on your business requirements.

Compliance evaluation logic

  • If the parameter values of a password policy that is configured for each RAM user are the same as the specified values, the evaluation result is Compliant.
  • If the parameter values of a password policy that is configured for each RAM user are not same as the specified values, the evaluation result is Incompliant. For more information about how to remediate an incompliant configuration, see Incompliance remediation.

Rule details

Item Description
Rule name ram-password-policy-check
Rule identifier ram-password-policy-check
Tag RAM and User
Automatic remediation Supported
Trigger type Periodic execution
Evaluation frequency Interval of 24 hours
Supported resource type Alibaba Cloud account
Input parameter
  • hardExpire. Default value: true.
  • maxLoginAttemps. Default value: 5.
  • maxPasswordAge. Default value: 90.
  • minimumPasswordLength. Default value: 8.
  • passwordReusePrevention. Default value: 3.
  • requireLowercaseCharacters. Default value: true.
  • requireNumbers. Default value: true.
  • requireSymbols. Default value: true.
  • requireUppercaseCharacters. Default value: true.

Incompliance remediation

Modify a password policy for a RAM user. For more information, see Configure a password policy for RAM users.