OCI-003 Oracle Cloud Infrastructure (OCI)

A strong password policy is configured.

A strong password policy is configured.

Domain
Oracle Cloud Infrastructure (OCI)
Area
IAM
Automated / manual
Automated

Risk if it fails

Weak passwords are brute-forced.

Short, simple passwords let attackers guess their way in. Once authenticated they begin probing your data and infrastructure.

How Tess tests it

1 test — each concludes only on cited evidence.

A strong password policy is configured.

Automated
Procedure
Review the tenancy/identity-domain password policy.

Read-only command 

oci iam authentication-policy get --compartment-id <tenancy-ocid>

More in Oracle Cloud Infrastructure (OCI)

OCI-001 MFA is enforced for all IAM users, especially administrators. OCI-002 Customer secret keys / API keys are rotated regularly (<=90 days). OCI-004 Membership of the Administrators group is minimal. OCI-005 IAM policies follow least privilege (no broad 'manage all-resources').

Want Tess to test OCI-003 against your evidence?

Book a demo