Ensure OCI IAM password policy contains numeric characters

Error: OCI IAM password policy for local (non-federated) users does not have a number
Bridgecrew Policy ID: BC_OCI_IAM_2
Checkov Check ID: CKV_OCI_12
Severity: HIGH


This policy identifies Oracle Cloud Infrastructure (OCI) accounts that do not require a numeric character in the password policy for local (non-federated) users. As a security best practice, configure a strong password policy for secure access to the OCI console.

Fix - Runtime

OCI Console

  1. Log in to the OCI Console Page: https://console.ap-mumbai-1.oraclecloud.com/
  2. Go to Identity in the Services menu.
  3. Select Authentication Settings from the Identity menu.
  4. Click Edit Authentication Settings in the middle of the page.
  5. Ensure the checkbox is selected next to MUST CONTAIN AT LEAST 1 NUMERIC CHARACTER.

Note: The console URL is region specific. Your tenancy might have a different home region and thus a different console URL.

Fix - Buildtime


  • Resource: oci_identity_authentication_policy
  • Arguments: password_policy.is_numeric_characters_required
resource "oci_identity_authentication_policy" "pass" {
  password_policy {
    # Require at least one numeric character in local user passwords
    is_numeric_characters_required = true
  }
}
