Control: AWS > HIPAA > Account > Ensure IAM password policy expires passwords within 90 days or less

IAM password policies can require passwords to be rotated or expired after a given number of days. Security Hub recommends that the password policy expire passwords after 90 days or less. Reducing the password lifetime increases account resiliency against brute force login attempts.

Resource Types

This control targets the following resource types:

AWS > Account

In Your Workspace

Developers

Control Type URI

tmod:@turbot/aws-hipaa#/control/types/iamPasswordPolicyExpire90

Category URI

tmod:@turbot/turbot#/control/categories/complianceHipaa

GraphQL

query controlType(id: "tmod:@turbot/aws-hipaa#/control/types/iamPasswordPolicyExpire90") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/aws-hipaa#/control/types/iamPasswordPolicyExpire90'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-hipaa#/control/types/iamPasswordPolicyExpire90"