Profile Applicability:
Level 1


Description:
This control ensures that the AWS Identity and Access Management (IAM) password policy requires all user passwords to include at least one lowercase (a–z) letter. Enforcing lowercase letter usage as part of password complexity improves password strength and reduces the likelihood of password guessing or brute-force attacks.


Rationale:
Passwords that contain a combination of lowercase, uppercase, numbers, and symbols are significantly harder to guess or crack. Requiring at least one lowercase character ensures that passwords cannot consist solely of predictable patterns (like only uppercase or numeric sequences). This practice aligns with password complexity standards in CIS, SOC 2, ISO 27001, and NIST SP 800-63B, helping protect AWS accounts from unauthorized access.


Impact:
Positive Impact: Strengthens password complexity and reduces the risk of weak or easily guessable credentials.
Negative Impact: Slightly increases user effort during password creation but improves overall password security.


Default Value:
By default, AWS does not enforce the use of lowercase letters in passwords unless explicitly configured in the IAM password policy.


Pre-Requisite:

  • IAM permissions required: iam:GetAccountPasswordPolicy, iam:UpdateAccountPasswordPolicy.

Test Plan
Using AWS Console:

  1. Sign in to the AWS Management Console with administrative privileges.

  2. Navigate to IAM → Account settings → Password policy.

  3. Verify that the setting “Require at least one lowercase letter (a–z)” is selected.

  4. If the option is not enabled, the account is non-compliant.

Implementation Plan
Using AWS Console:

  1. Navigate to IAM → Account settings → Password policy.

  2. Click Edit password policy.

  3. Check the box “Require at least one lowercase letter (a–z)”.

  4. (Optional) Enable additional password policy settings, such as:

    • Minimum password length (e.g., 14 characters).

    • Require at least one uppercase letter, number, and symbol.

    • Enable password expiration and prevent password reuse.

  5. Click Save changes.
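The same check and remediation as above, scripted against the IAM API (an added example, not part of this benchmark page). It assumes a boto3 IAM client and the two permissions listed under Pre-Requisite; the policy dicts used by the functions have the shape GetAccountPasswordPolicy returns. Note the caveat the console hides: UpdateAccountPasswordPolicy resets every parameter you omit to its default, so the current settings are merged in before the lowercase flag is set.

```python
"""Check and remediate the IAM "require lowercase letters" password-policy setting."""
from typing import Optional

# Keys returned by GetAccountPasswordPolicy that UpdateAccountPasswordPolicy accepts
# (ExpirePasswords is read-only and deliberately left out).
POLICY_FIELDS = (
    "MinimumPasswordLength", "RequireSymbols", "RequireNumbers",
    "RequireUppercaseCharacters", "RequireLowercaseCharacters",
    "AllowUsersToChangePassword", "MaxPasswordAge",
    "PasswordReusePrevention", "HardExpiry",
)


def is_lowercase_required(policy: Optional[dict]) -> bool:
    """Test Plan step 3/4: True only when the lowercase requirement is enabled.

    `policy` is the 'PasswordPolicy' dict from GetAccountPasswordPolicy, or None
    when the account has no custom policy (NoSuchEntity), which is non-compliant.
    """
    if policy is None:
        return False
    return bool(policy.get("RequireLowercaseCharacters", False))


def remediated_policy(policy: Optional[dict]) -> dict:
    """Implementation Plan: full parameter set for UpdateAccountPasswordPolicy.

    Omitted parameters are reset to AWS defaults by the API, so every existing
    setting is carried over and only RequireLowercaseCharacters is changed.
    """
    merged = {k: policy[k] for k in POLICY_FIELDS if policy and k in policy}
    merged["RequireLowercaseCharacters"] = True
    return merged


def fetch_policy(iam) -> Optional[dict]:
    """Read the live policy with a boto3 IAM client; None if none is configured."""
    try:
        return iam.get_account_password_policy()["PasswordPolicy"]
    except iam.exceptions.NoSuchEntityException:
        return None


if __name__ == "__main__":
    import boto3  # needs iam:GetAccountPasswordPolicy and iam:UpdateAccountPasswordPolicy
    iam = boto3.client("iam")
    current = fetch_policy(iam)
    if is_lowercase_required(current):
        print("Compliant: lowercase letters are required.")
    else:
        print("Non-compliant: enabling the lowercase requirement.")
        iam.update_account_password_policy(**remediated_policy(current))
```

For the Backout Plan, the same merge with `RequireLowercaseCharacters` set back to False keeps the other settings intact.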

Backout Plan:

  1. If users report difficulty logging in or updating passwords due to this requirement, temporarily uncheck the lowercase option.

  2. Provide user communication on password format requirements, then re-enable the setting once users are informed.

References: