Ensure OCI IAM password policy contains symbols
Error: OCI IAM password policy for local (non-federated) users does not have a symbol
Bridgecrew Policy ID: BC_OCI_IAM_3
Checkov Check ID: CKV_OCI_13
Severity: HIGH
OCI IAM password policy for local (non-federated) users does not have a symbol
Description
This policy identifies Oracle Cloud Infrastructure(OCI) accounts that do not have a symbol in the password policy for local (non-federated) users. As a security best practice, configure a strong password policy for secure access to the OCI console.
Fix - Runtime
OCI Console
- Login to the OCI Console Page: https://console.ap-mumbai-1.oraclecloud.com/
- Go to Identity in the Services menu.
- Select Authentication Settings from the Identity menu.
- Click Edit Authentication Settings in the middle of the page.
- Ensure the checkbox is selected next to MUST CONTAIN AT LEAST 1 SPECIAL CHARACTER.
Note : The console URL is region specific, your tenancy might have a different home region and thus console URL.
Fix - Buildtime
Terraform
- Resource: oci_identity_authentication_policy
- Arguments: password_policy.is_special_characters_required
resource "oci_identity_authentication_policy" "pass" {
compartment_id = var.tenancy_id
password_policy {
...
is_special_characters_required = true
...
}
}
Updated 6 months ago