Password lifetime restrictions do not apply to temporary passwords 

Priority: High  

Category: Centralized Controls Management 

Services Associated with AWS:   

  • AWS Identity and Access Management (IAM) 

Objective Evidence:   

  • Administrative: documented policies, standards & procedures
  • Administrative: supporting documentation to demonstrate how Identity & Access Management (IAM) practices are implemented
  • Administrative: supporting documentation to demonstrate the "secure practices" used to build technology platform-specific secure baseline configurations
  • Technical: screenshot of configuration settings 

Possible Technology Considerations:

  • Identity & Access Management (IAM)
  • Secure Baseline Configurations (SBC) 

What needs to be answered:

Can passwords be re-used after a certain number of days or a defined number of password changes? Is password reuse prohibited for a defined number of generations? Are passwords unique to the organization’s systems and not re-used on external information systems?


  • Prohibit Password Reuse
    Description: This check ensures that the organization prohibits the reuse of passwords for a specified number of generations. Password reuse is the practice of setting a password that the account has already used before. Prohibiting reuse limits how long a previously compromised or leaked password remains valid for the account, because a user cannot simply cycle back to it at the next change. The organization should define a policy that states the number of generations, that is, how many of an account's most recent prior passwords are remembered and may not be set again, so that each new password must differ from all of them. This policy should be enforced for both individual and group accounts.

More Details:   

Password reuse must be prohibited for at least the six most recent prior passwords. For an AWS IAM account password policy this corresponds to a PasswordReusePrevention value of at least 6 (IAM accepts values from 1 to 24); note that the AWS default password policy applies no reuse prevention at all, so the setting must be configured explicitly.
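The following is an added example, not part of the original page and not AWS or the control framework's own code. It evaluates the PasswordPolicy object returned by `aws iam get-account-password-policy` (boto3 `get_account_password_policy()`) against the six-generation threshold above and builds the argument set for a remediation call. The sample policies embedded in SAMPLE_POLICIES are constructed for this example and are not real account data; the function names and the structure of the finding dictionary are this example's own choices. The live-account helper assumes boto3 is installed and AWS credentials are available; the evaluation functions themselves run offline.

```python
"""Evaluate an AWS IAM account password policy for the password-reuse control.

Added example, not from the original page or AWS. It checks the object that
`aws iam get-account-password-policy` (boto3: get_account_password_policy())
returns and builds the argument set for a remediation call. The policies in
SAMPLE_POLICIES are constructed for this example and are not real account data.
"""
from typing import Any, Dict, Optional

# Control threshold from this page: at least six prior passwords remembered.
REQUIRED_REUSE_PREVENTION = 6

# UpdateAccountPasswordPolicy request parameters that also appear in the
# GetAccountPasswordPolicy response. ExpirePasswords is response-only and
# must not be echoed back into the update call.
UPDATABLE_KEYS = (
    "MinimumPasswordLength",
    "RequireSymbols",
    "RequireNumbers",
    "RequireUppercaseCharacters",
    "RequireLowercaseCharacters",
    "AllowUsersToChangePassword",
    "MaxPasswordAge",
    "PasswordReusePrevention",
    "HardExpiry",
)

# Constructed sample policies (not real accounts), keyed by a label.
SAMPLE_POLICIES = {
    "no-reuse-setting": {"MinimumPasswordLength": 8, "ExpirePasswords": False},
    "too-few": {"MinimumPasswordLength": 14, "PasswordReusePrevention": 3,
                "ExpirePasswords": True, "MaxPasswordAge": 90},
    "compliant": {"MinimumPasswordLength": 14, "PasswordReusePrevention": 24,
                  "RequireSymbols": True, "ExpirePasswords": True,
                  "MaxPasswordAge": 90},
}


def evaluate_password_policy(policy: Optional[Dict[str, Any]],
                             minimum: int = REQUIRED_REUSE_PREVENTION) -> Dict[str, Any]:
    """Return a finding dict for the control.

    `policy` is the PasswordPolicy object from GetAccountPasswordPolicy, or None
    when the account has no custom policy (the API raises NoSuchEntity in that
    case). The AWS default policy remembers no previous passwords at all, and
    the PasswordReusePrevention key is absent when the setting was never made.
    """
    if policy is None:
        return {"compliant": False, "reuse_prevention": 0,
                "reason": "no account password policy; AWS default allows reuse"}
    value = policy.get("PasswordReusePrevention")
    if value is None:
        return {"compliant": False, "reuse_prevention": 0,
                "reason": "PasswordReusePrevention not configured"}
    if value < minimum:
        return {"compliant": False, "reuse_prevention": value,
                "reason": f"remembers {value} passwords, control requires {minimum}"}
    return {"compliant": True, "reuse_prevention": value,
            "reason": f"remembers {value} passwords (>= {minimum})"}


def build_update_kwargs(policy: Optional[Dict[str, Any]],
                        minimum: int = REQUIRED_REUSE_PREVENTION) -> Dict[str, Any]:
    """Build keyword arguments for update_account_password_policy().

    Caveat: UpdateAccountPasswordPolicy does not do partial updates; every
    parameter left out reverts to its default. So carry over each existing
    setting and only raise PasswordReusePrevention, never lower it.
    """
    kwargs = {k: v for k, v in (policy or {}).items() if k in UPDATABLE_KEYS}
    current = kwargs.get("PasswordReusePrevention") or 0
    kwargs["PasswordReusePrevention"] = max(current, minimum)
    return kwargs


def check_live_account(session=None, remediate: bool = False) -> Dict[str, Any]:
    """Run the check against the caller's AWS account (needs boto3 + credentials)."""
    import boto3  # imported here so the evaluation functions above run offline
    iam = (session or boto3.Session()).client("iam")
    try:
        policy = iam.get_account_password_policy()["PasswordPolicy"]
    except iam.exceptions.NoSuchEntityException:
        policy = None  # account is on the AWS default policy
    finding = evaluate_password_policy(policy)
    if remediate and not finding["compliant"]:
        iam.update_account_password_policy(**build_update_kwargs(policy))
        finding["remediated"] = True
    return finding


if __name__ == "__main__":
    for name, sample in SAMPLE_POLICIES.items():
        print(name, evaluate_password_policy(sample))
    print("default (no policy):", evaluate_password_policy(None))
```

The finding dictionary is the objective evidence to attach alongside the console screenshot: it records the configured value rather than only a pass/fail. The remediation path deliberately merges the existing settings first, because calling update-account-password-policy with only the reuse parameter would silently reset minimum length, complexity and expiry to AWS defaults.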