Control: 1.14 Ensure RAM password policy temporarily blocks logon after 5 incorrect logon attempts within an hour
RAM password policies can temporarily block logon after several incorrect logon attempts within an hour. It is recommended that the password policy is set to temporarily block logon after 5 incorrect logon attempts within an hour.
Perform the following to set the password policy as expected:
- Logon to RAM console.
Identities > Settings.
- In the
Password Strength Settingssection, click
Edit Password Rule.
- In the
Password Retry Constraint Policyfield, enter
<5>or a smaller number.
From Command Line
aliyun ram SetPasswordPolicy --MaxLoginAttemps 5
Run the control in your terminal:
steampipe check alicloud_compliance.control.cis_v100_1_14
Snapshot and share results via Steampipe Cloud:
steampipe loginsteampipe check --share alicloud_compliance.control.cis_v100_1_14
This control uses a named query:ram_password_policy_max_login_attempts_5