Access Control Policy - Korr
Purpose
This policy establishes requirements and guidelines for access control and password management to protect Korr's AWS infrastructure and data. It aims to ensure secure authentication, prevent unauthorized access, and maintain compliance with security best practices.
Scope
This policy applies to all employees, contractors, and systems administrators who have access to Korr's AWS environment, including the root account and IAM users.
Policy Owner
The DevOps/Security team owns this policy and is responsible for its maintenance and enforcement.
Password Policy Requirements
Policy Setting | Requirement |
---|---|
Password Changes | Users are enabled to change their own passwords |
Password Expiration | Enabled |
Hard Password Expiry | Disabled |
Maximum Password Age | 90 days |
Minimum Password Length | 12 characters |
Password Reuse Prevention | Previous 24 passwords cannot be reused |
Character Requirements | Lowercase letters, uppercase letters, numbers and special symbols all required |
Failed Login Attempts | Temporary lockout after 3 failed attempts |
Lockout Duration | 15 minutes |
Root Account Access | MFA required |
IAM User Access | MFA required for all users |
Access Control Guidelines
All user accounts must follow the password requirements outlined above
Password changes:
- Users are permitted to change their own passwords
- Must meet all complexity requirements
- Cannot reuse previous 24 passwords
- Must be changed every 90 days
Password complexity:
- Minimum 12 characters in length
- Must contain at least one:
- Lowercase letter
- Uppercase letter
- Number
- Special symbol/character
Account security:
- Passwords expire after 90 days requiring reset
- Hard password expiry is disabled so that a user whose password has expired can still set a new one at sign-in, instead of being locked out until an administrator resets it
- Failed login attempts must be monitored and logged (console sign-in failures are recorded as CloudTrail ConsoleLogin events with a Failure result)
- Account lockout after 3 failed login attempts for 15 minutes; the IAM account password policy has no lockout setting, so this requirement is enforced through the sign-in monitoring above rather than by a policy parameter
- Multi-factor authentication (MFA) required for root account access
- MFA required for all IAM users
Password storage and transmission:
- Passwords held in Korr-managed systems must be stored only as salted hashes produced by a slow password hashing function (for example bcrypt, scrypt or Argon2), never reversibly
- Passwords must be transmitted only over encrypted channels (TLS)
- Plain text passwords must never be logged or stored
Compliance monitoring:
- Regular audits of password policy compliance
- Automated scanning and reporting of policy violations
- Exceptions must be documented and approved
- Monthly credential reports generated and reviewed
- Amazon GuardDuty enabled for continuous security monitoring
- Amazon Inspector scans performed regularly
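The following script is an added example of the automated compliance check the monitoring bullets call for; it is not Korr's own tooling. It encodes the password policy table as the parameter dict that `iam.update_account_password_policy(**REQUIRED_POLICY)` accepts, reports drift in the dict returned by `iam.get_account_password_policy()["PasswordPolicy"]`, and reviews the CSV from `iam.get_credential_report()["Content"]` for root or console users without MFA and for passwords older than 90 days. Both sample inputs (the drifted policy, the account ID 111122223333, the users alice, bob and deploy-bot, and the dates) are constructed so the checks run offline; point the two functions at the live API responses to audit a real account.

```python
"""Compliance checks for the Korr AWS password/MFA policy (added example).

The inputs are the plain data structures boto3 returns, so the checks run
offline on constructed samples:
  policy = iam.get_account_password_policy()["PasswordPolicy"]
  report = iam.get_credential_report()["Content"].decode()
"""
import csv
import io
from datetime import datetime, timedelta, timezone

# Required settings, keyed by the parameter names that
# iam.update_account_password_policy(**REQUIRED_POLICY) accepts,
# so one dict both applies the policy and audits it.
REQUIRED_POLICY = {
    "MinimumPasswordLength": 12,
    "RequireSymbols": True,
    "RequireNumbers": True,
    "RequireUppercaseCharacters": True,
    "RequireLowercaseCharacters": True,
    "AllowUsersToChangePassword": True,
    "MaxPasswordAge": 90,
    "PasswordReusePrevention": 24,
    "HardExpiry": False,
}
MAX_PASSWORD_AGE = timedelta(days=REQUIRED_POLICY["MaxPasswordAge"])


def password_policy_drift(current):
    """Return {setting: (required, actual)} for every deviating setting.

    A missing key counts as drift. If the account has no policy at all the
    API raises NoSuchEntityException; callers should treat that as total drift.
    """
    drift = {}
    for key, required in REQUIRED_POLICY.items():
        actual = current.get(key)
        if key in ("MinimumPasswordLength", "PasswordReusePrevention"):
            ok = actual is not None and actual >= required  # stricter is fine
        elif key == "MaxPasswordAge":
            ok = actual is not None and 0 < actual <= required  # 0 = never expires
        else:
            ok = actual == required
        if not ok:
            drift[key] = (required, actual)
    return drift


def credential_report_findings(report_csv, now):
    """Review a credential report (CSV text) and return (user, finding) pairs.

    Flags root or any console user without MFA, and any console password
    older than MaxPasswordAge. `now` is a parameter so results are reproducible.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        if user == "<root_account>":
            if row["mfa_active"] != "true":
                findings.append((user, "root account has no MFA"))
            continue  # root's password columns are reported as not_supported
        if row["password_enabled"] != "true":
            continue  # access-key-only principal: no console password to check
        if row["mfa_active"] != "true":
            findings.append((user, "console password without MFA"))
        try:
            changed = datetime.fromisoformat(row["password_last_changed"].replace("Z", "+00:00"))
        except ValueError:
            continue  # N/A or no_information: nothing to age-check
        age = now - changed
        if age > MAX_PASSWORD_AGE:
            findings.append((user, f"password is {age.days} days old"))
    return findings


# Constructed sample: a policy that has drifted from the table above.
SAMPLE_POLICY = {
    "MinimumPasswordLength": 8,
    "RequireSymbols": True,
    "RequireNumbers": True,
    "RequireUppercaseCharacters": True,
    "RequireLowercaseCharacters": True,
    "AllowUsersToChangePassword": True,
    "ExpirePasswords": True,  # present in the get response, not an update parameter
    "MaxPasswordAge": 180,
    "PasswordReusePrevention": 24,
    "HardExpiry": False,
}

# Constructed sample credential report (real reports carry more columns,
# e.g. access_key_1_active; DictReader only needs the ones used here).
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active
<root_account>,arn:aws:iam::111122223333:root,2022-01-01T00:00:00+00:00,not_supported,2024-05-01T09:00:00+00:00,not_supported,not_supported,false
alice,arn:aws:iam::111122223333:user/alice,2022-03-01T00:00:00+00:00,true,2024-05-02T08:00:00+00:00,2024-04-01T00:00:00+00:00,2024-06-30T00:00:00+00:00,true
bob,arn:aws:iam::111122223333:user/bob,2022-03-01T00:00:00+00:00,true,2024-05-02T08:00:00+00:00,2024-01-01T00:00:00+00:00,2024-03-31T00:00:00+00:00,false
deploy-bot,arn:aws:iam::111122223333:user/deploy-bot,2022-03-01T00:00:00+00:00,false,no_information,N/A,N/A,false
"""
NOW = datetime(2024, 5, 3, tzinfo=timezone.utc)

if __name__ == "__main__":
    for setting, (required, actual) in password_policy_drift(SAMPLE_POLICY).items():
        print(f"DRIFT {setting}: required {required}, actual {actual}")
    for user, finding in credential_report_findings(SAMPLE_REPORT, NOW):
        print(f"FINDING {user}: {finding}")
```

On the sample data the script reports the 8-character minimum and 180-day maximum age as drift, the root account and bob as lacking MFA, and bob's 123-day-old password; the `deploy-bot` user has no console password and is skipped, which is the behaviour you want so that access-key-only service users are not reported as MFA violations.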
This policy will be reviewed annually and updated as needed based on security requirements and industry best practices.