Skip to main content

💼 8.6.3 Passwords/passphrases for any application and system accounts are protected against misuse.

Description

As follows:

  • Passwords/passphrases are changed periodically (at the frequency defined in the entity's targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1) and upon suspicion or confirmation of compromise.
  • Passwords/passphrases are constructed with sufficient complexity appropriate for how frequently the entity changes the passwords/passphrases.

Similar

  • Sections
    • /frameworks/pci-dss-v4.0/08/06/03
    • /frameworks/aws-fsbp-v1.0.0/iam/03
    • /frameworks/aws-fsbp-v1.0.0/secrets-manager/01
    • /frameworks/aws-fsbp-v1.0.0/secrets-manager/02
    • /frameworks/aws-fsbp-v1.0.0/secrets-manager/04

Similar Sections (Take Policies From)

SectionSub SectionsInternal RulesPoliciesFlags
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [IAM.3] IAM users' access keys should be rotated every 90 days or less11
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [SecretsManager.1] Secrets Manager secrets should have automatic rotation enabled
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [SecretsManager.2] Secrets Manager secrets configured with automatic rotation should rotate successfully
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [SecretsManager.4] Secrets Manager secrets should be rotated within a specified number of days
💼 PCI DSS v4.0 → 💼 8.6.3 Passwords/passphrases for any application and system accounts are protected against misuse.1

Similar Sections (Give Policies To)

SectionSub SectionsInternal RulesPoliciesFlags
💼 PCI DSS v4.0 → 💼 8.6.3 Passwords/passphrases for any application and system accounts are protected against misuse.1

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlags

Policies (1)

PolicyLogic CountFlags
📝 AWS IAM User Access Keys are not rotated every 90 days or less 🟢1🟢 x6