Description:

This policy ensures that secure password policy settings are enabled for all domain users. This is important for security, as it helps to protect user accounts from unauthorized access.

Rationale:

Weak passwords are a common way for attackers to gain unauthorized access to user accounts. By enabling secure password policy settings, organizations can help to ensure that user passwords are strong and difficult to guess.

Impact:

The impact of enabling secure password policy settings for all domain users will vary depending on the specific organization. However, in general, this policy will help to improve the security of the organization's user accounts and reduce the risk of unauthorized access.

Default Value:

AWS will initially recommend that organizations enable secure password policy settings for all domain users. However, the specific implementation of this policy will vary depending on the organization's specific needs.

Pre-requisites:

To enable secure password policy settings for all domain users, the following pre-requisites must be met:

  • The organization must have an Active Directory domain.
  • The organization must have the appropriate permissions to manage Active Directory.
  • The organization must have a process for enabling secure password policy settings.

Remediation Steps:

If secure password policy settings are not enabled for all domain users, the organization must take steps to remediate the issue. The remediation steps will vary depending on the specific situation.

Test Plan:

The organization should develop a test plan to verify that secure password policy settings are enabled for all domain users. The test plan should include steps to verify that the settings are working properly, and that all domain users have strong passwords.

Implementation Plan:

The organization should develop an implementation plan to ensure that secure password policy settings are enabled for all domain users. The implementation plan should include steps to develop a process for enabling secure password policy settings, and to train employees on the process.

AWS CLI Process:

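To enable secure password policy settings for all domain users using the AWS CLI, the following command can be used:

aws iam update-account-password-policy --minimum-password-length 8 --require-uppercase-characters --require-lowercase-characters --require-numbers --require-symbols

This command sets the IAM password policy for the account with the specified requirements. The call replaces the whole policy: any setting not passed on the command line reverts to its default value.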
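
One way to carry out the check described in the Test Plan, as an added example that is not part of the original policy: the Python below evaluates the JSON printed by `aws iam get-account-password-policy` against the requirements this page lists (minimum length 8, uppercase, lowercase, numbers, symbols). The function name, the baseline constants and the sample outputs are constructed for illustration.

```python
import json

# Baseline from this page's policy document: length >= 8 plus all four
# character classes. Keys are the field names that
# `aws iam get-account-password-policy` prints under "PasswordPolicy".
BASELINE_MIN_LENGTH = 8
REQUIRED_FLAGS = (
    "RequireUppercaseCharacters",
    "RequireLowercaseCharacters",
    "RequireNumbers",
    "RequireSymbols",
)


def audit_password_policy(cli_output):
    """Return a list of findings; an empty list means the baseline is met.
    Pass "" or None when the call failed with NoSuchEntity (no policy set)."""
    if not cli_output or not cli_output.strip():
        return ["no account password policy is set"]
    try:
        policy = json.loads(cli_output).get("PasswordPolicy")
    except (ValueError, AttributeError):
        return ["output is not the expected JSON object"]
    if not isinstance(policy, dict):
        return ["output has no PasswordPolicy object"]

    findings = []
    length = policy.get("MinimumPasswordLength")
    # bool is a subclass of int, so reject it explicitly.
    if isinstance(length, bool) or not isinstance(length, int):
        findings.append("MinimumPasswordLength missing or not an integer")
    elif length < BASELINE_MIN_LENGTH:
        findings.append(f"MinimumPasswordLength is {length}, need >= {BASELINE_MIN_LENGTH}")
    for flag in REQUIRED_FLAGS:
        # Only a literal JSON true counts; absent or false is a finding.
        if policy.get(flag) is not True:
            findings.append(f"{flag} is not enabled")
    return findings


# Constructed sample outputs (not captured from a real account).
COMPLIANT = '{"PasswordPolicy": {"MinimumPasswordLength": 14, "RequireSymbols": true, "RequireNumbers": true, "RequireUppercaseCharacters": true, "RequireLowercaseCharacters": true}}'
WEAK = '{"PasswordPolicy": {"MinimumPasswordLength": 6, "RequireSymbols": false, "RequireNumbers": true, "RequireUppercaseCharacters": true, "RequireLowercaseCharacters": true}}'

if __name__ == "__main__":
    for name, sample in (("compliant", COMPLIANT), ("weak", WEAK), ("unset", "")):
        print(name, audit_password_policy(sample) or "OK")
```

The check covers the policy settings only; it does not inspect the strength of passwords that users set before the policy was applied.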

Using AWS GUI:

To enable secure password policy settings for all domain users using the AWS GUI, the following steps can be followed:

  1. Go to the AWS IAM console.
  2. Click on the "Password Policies" tab.
  3. Click on the "Create Policy" button.
  4. Select the "JSON" tab.
  5. Paste the following policy document into the text box:

     {
       "Version": "2012-10-17",
       "PolicyDocument": {
         "Version": "2012-10-17",
         "Statement": [
           {
             "Sid": "RequireStrongPasswords",
             "Effect": "Require",
             "Rule": {
               "Length": {
                 "Min": 8
               },
               "RequireUppercase": true,
               "RequireLowercase": true,
               "RequireNumbers": true,
               "RequireSymbols": true
             }
           }
         ]
       }
     }

  6. Click on the "Create Policy" button.

Backout Plan:

If the policy to enable secure password policy settings for all domain users is not working properly, the organization may need to back out of the policy. To do this, the organization can delete the policy.

Note:

  • This policy is not intended to be a comprehensive guide to enabling secure password policy settings. For more information, please refer to the AWS IAM documentation.
  • This policy is subject to change.

Reference:

  • AWS IAM documentation: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
