Ensure OCI IAM password policy contains numeric characters

Error: OCI IAM password policy for local (non-federated) users does not have a number
Bridgecrew Policy ID: BC_OCI_IAM_2
Checkov Check ID: CKV_OCI_12
Severity: HIGH

Suggest Edits

OCI IAM password policy for local (non-federated) users does not have a number

Description

This policy identifies Oracle Cloud Infrastructure(OCI) accounts that do not have a lowercase character in the password policy for local (non-federated) users. As a security best practice, configure a strong password policy for secure access to the OCI console.

Fix - Runtime

OCI Console

Login to the OCI Console Page: https://console.ap-mumbai-1.oraclecloud.com/
Go to Identity in the Services menu.
Select Authentication Settings from the Identity menu.
4.Click Edit Authentication Settings in the middle of the page.
5.Ensure the checkbox is selected next to MUST CONTAIN AT LEAST 1 LOWERCASE CHARACTER.
Note : The console URL is region specific, your tenancy might have a different home region and thus console URL.

Fix - Buildtime

Terraform

Resource: oci_identity_authentication_policy
Arguments: password_policy.is_numeric_characters_required

resource "oci_identity_authentication_policy" "pass" {
...
  password_policy {
    ...
    is_numeric_characters_required   = true
    ...
  }
}

Updated 12 months ago