Description

Detects unsafe password reuse prevention settings in AWS IAM account password policies. A weak password reuse prevention setting allows users to reuse recent passwords, which increases security risk if passwords are compromised. The AWS IAM account password policy should prevent reuse of a sufficient number of previous passwords.

Detection Strategy

• Account password policy has no password reuse prevention setting configured

• Password reuse prevention is set to allow reuse of passwords after less than 24 previous passwords

• Password reuse prevention setting exists but is set below the required minimum threshold