Authentication

Password policy does not expire often

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

Password Policy is the set of rules that defines the password a RAM user can choose. A password that was not changed may have been compromised in the past and enlarges the chances to steal the credentials of a RAM user using credential public databases. The cloud account {CloudAccount} was found to have too weak policy.
  • Recommended Mitigation

    Review the password policy and make sure the password expires in 90 days or less.