OCI IAM password policy for local (non-federated) users does not have minimum 14 characters
Description
This policy identifies Oracle Cloud Infrastructure(OCI) accounts that do not have a minimum of 14 characters in the password policy for local (non-federated) users. As a security best practice, configure a strong password policy for secure access to the OCI console.
Code Example
go
resource "oci_identity_authentication_policy" "pass" {
compartment_id = var.tenancy_id
password_policy {
...
minimum_password_length = 14
}
}Remediation
- OCI Console*
. Login to the OCI Console Page: https://console.ap-mumbai-1.oraclecloud.com/
. Go to Identity in the Services menu.
. Select Authentication Settings from the Identity menu.
. Click Edit Authentication Settings in the middle of the page.
. Type the number in range 14-100 into the box below the text: MINIMUM PASSWORD LENGTH (IN CHARACTERS). + Note : The console URL is region specific, your tenancy might have a different home region and thus console URL. === Fix - Buildtime
Terraform
- Resource: oci_identity_authentication_policy
- Arguments: password_policy.minimum_password_length
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1245 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_OCI_18 |