Ansible Automation Platform RFEs
AAPRFE-2233

Implement Strong Password Policy Features in Ansible Automation Platform


1. What is the nature and description of the request?
   The customer is requesting the implementation of strong password policy enforcement mechanisms in Ansible Automation Platform (AAP). Currently, the platform allows users to create simple passwords without enforcing complexity, expiration, or reuse prevention. This creates a potential security risk, especially in environments with strict compliance and audit requirements. The enhancement would introduce configurable password policy options to align with common security standards.

2. Why does the customer need this? (List the business requirements here)
   • The customer's organization recently underwent a security audit that identified the lack of a strong password policy in AAP as a critical issue requiring remediation.
   • To comply with internal security standards and industry regulations that mandate strong authentication practices.
   • To reduce the risk of brute-force attacks, credential stuffing, and unauthorized access by enforcing strong, complex, and periodically rotated passwords.
   • To maintain customer and stakeholder trust by aligning the platform's access controls with best security practices.

3. How would you like to achieve this? (List the functional requirements here)
   • Enforce a minimum password length (e.g., 12 characters) for all user accounts.
   • Require password complexity, including at least:
     • one uppercase letter
     • one lowercase letter
     • one numeric character
     • one special character
   • Implement password expiration, prompting users to change passwords after a configurable period (e.g., 90 days).
   • Enable password history enforcement to prevent reuse of a defined number of previous passwords (e.g., last 5).
   • Introduce password blacklist checking against commonly used or compromised passwords (e.g., via Have I Been Pwned or a local dictionary).
   • Provide an administrative interface or configuration option to manage and customize these password policy settings.
   • Ensure API-level enforcement so password policies apply uniformly across UI, CLI, and API interactions.
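A hypothetical reference implementation of the policy the functional requirements above describe, added here as an example and not AAP's own code: one configurable policy object whose defaults are the RFE's example values (12 characters, 90 days, last 5 passwords, the four character classes) and a validate() call that reports every violation, so a single enforcement point can serve UI, CLI and API. It assumes a constructed local blacklist and a per-user salt supplied by the caller, and uses PBKDF2 only to compare against stored history entries (a deployment would reuse the platform's own password hasher and a real dictionary or breach feed).

```python
import hashlib
import hmac
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# The four complexity classes the RFE lists, as label -> regex.
CHARACTER_CLASSES = {
    "uppercase letter": r"[A-Z]", "lowercase letter": r"[a-z]",
    "numeric character": r"[0-9]", "special character": r"[^A-Za-z0-9]",
}
# Constructed sample blacklist; a deployment would load a local dictionary
# or query a breached-password service, as the RFE suggests.
SAMPLE_BLACKLIST = frozenset({"password", "password123!", "qwerty123456!"})
SAMPLE_LAST_CHANGED = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted slow hash used only to compare against stored history entries."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class PasswordPolicy:
    """Configurable settings from the RFE, defaulting to its example values."""
    min_length: int = 12
    required_classes: tuple = tuple(CHARACTER_CLASSES)
    max_age_days: int = 90
    history_size: int = 5
    blacklist: frozenset = SAMPLE_BLACKLIST

    def validate(self, password: str, salt: bytes, previous_hashes=()) -> list:
        """Return violation messages; an empty list means the password passes."""
        problems = []
        if len(password) < self.min_length:
            problems.append(f"shorter than {self.min_length} characters")
        for label in self.required_classes:
            if not re.search(CHARACTER_CLASSES[label], password):
                problems.append(f"missing {label}")
        if password.lower() in self.blacklist:
            problems.append("appears on the blacklist")
        candidate = hash_password(password, salt)
        # Only the newest history_size hashes count; compare in constant time.
        if any(hmac.compare_digest(candidate, old)
               for old in list(previous_hashes)[-self.history_size:]):
            problems.append(f"matches one of the last {self.history_size} passwords")
        return problems

    def is_expired(self, last_changed: datetime, now=None) -> bool:
        """True once the password is older than max_age_days (rotation is due)."""
        now = now or datetime.now(timezone.utc)
        return now - last_changed > timedelta(days=self.max_age_days)
```

Returning the full list of violations, rather than failing on the first, lets the UI and the API give the user the same complete feedback from one code path.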

              rhn-support-ebock Emily Bock
              rhn-support-apaygavh Abhishek Paygavhan