Identity Management - Password Rotation Compliance
Description
Regular password rotation ensures that credentials are periodically updated, reducing the risk of unauthorized access from compromised or stale passwords, which is critical to maintaining the security of your organization's systems and data.
How we measure it
Query all active users from Okta and check the date their password was last changed. A user is considered compliant if the password was changed within the last 90 days, which enforces regular password rotation per security policy.
Metadata

| Attribute | Value |
|---|---|
| Metric id | im_credentials |
| Category | Identity Management |
| SLO | 98.00% - 99.00% |
| Weight | 0.8 |
| Type | |
References

| Framework | Ref | Domain | Control |
|---|---|---|---|
| ISO 27001:2022 | A.8.5 | 8 Technological controls | Secure authentication |
| NIST CSF v2.0 | PR.AA-02 | Identity Management, Authentication, and Access Control (PR.AA) | PR.AA-02: Identities are proofed and bound to credentials based on the context of interactions |
| CIS 8.1 | 5.2 | Account Management | Use Unique Passwords |
Code

```sql
-- One row per active Okta user; compliance = 1 when the password was
-- changed fewer than 90 days ago, otherwise 0.
select
    profile.login as resource,
    'user' as resource_type,
    password_changed as detail,
    case
        -- A NULL password_changed (e.g. a federated user who never set a
        -- password) makes the comparison NULL, so it falls through to 0
        -- and is reported as non-compliant rather than silently passing.
        when CURRENT_DATE - CAST(password_changed AS DATE) < 90
            then 1
        else 0
    end as compliance
from
    {{ ref('okta_users') }}
where
    status = 'ACTIVE'
```
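The following is an added example, not part of this page's metric definition or the project's own code. It re-implements the same rule in Python over a handful of constructed Okta user records so the edge cases can be seen explicitly: the strict `< 90` boundary (a password changed exactly 90 days ago is non-compliant), a missing `password_changed` value (treated as non-compliant, matching the SQL CASE), and the exclusion of non-ACTIVE users. It then compares the resulting compliance percentage with the lower bound of the page's SLO band. The flattened field names `login`, `status` and `password_changed`, the fixed evaluation date and every user record are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import date, datetime
from typing import Dict, List, Optional

ROTATION_WINDOW_DAYS = 90   # rotation window stated by the metric
SLO_TARGET_PCT = 98.0       # lower bound of the page's 98.00% - 99.00% SLO band


@dataclass(frozen=True)
class OktaUser:
    """Minimal flattened view of an Okta user record (field names are assumptions)."""
    login: str
    status: str
    password_changed: Optional[str]  # ISO-8601 timestamp, or None if never set


def is_compliant(user: OktaUser, today: date) -> int:
    """Mirror the SQL CASE: 1 if the password changed fewer than 90 days ago, else 0.

    A missing timestamp is reported as 0 (non-compliant), the same conservative
    outcome the SQL produces when CAST(NULL AS DATE) makes the comparison NULL.
    """
    if user.password_changed is None:
        return 0
    # Okta emits a trailing 'Z'; normalise it so fromisoformat accepts it on older Pythons.
    changed = datetime.fromisoformat(user.password_changed.replace("Z", "+00:00")).date()
    return 1 if (today - changed).days < ROTATION_WINDOW_DAYS else 0


def evaluate(users: List[OktaUser], today: date) -> List[Dict[str, object]]:
    """Produce the same columns as the metric query, restricted to ACTIVE users."""
    rows = []
    for u in users:
        if u.status != "ACTIVE":   # the WHERE clause
            continue
        rows.append({
            "resource": u.login,
            "resource_type": "user",
            "detail": u.password_changed,
            "compliance": is_compliant(u, today),
        })
    return rows


def compliance_pct(rows: List[Dict[str, object]]) -> float:
    """Share of evaluated resources that are compliant, as a percentage."""
    if not rows:
        return 100.0
    return 100.0 * sum(int(r["compliance"]) for r in rows) / len(rows)


def meets_slo(pct: float) -> bool:
    return pct >= SLO_TARGET_PCT


# Constructed sample data: a fixed evaluation date and six users covering the edge cases.
TODAY = date(2024, 6, 1)
SAMPLE_USERS = [
    OktaUser("alice@example.com", "ACTIVE", "2024-05-15T10:00:00Z"),   # 17 days ago  -> 1
    OktaUser("bob@example.com", "ACTIVE", "2024-03-03T08:30:00Z"),     # exactly 90   -> 0
    OktaUser("carol@example.com", "ACTIVE", "2024-03-04T08:30:00Z"),   # 89 days ago  -> 1
    OktaUser("dave@example.com", "ACTIVE", None),                      # never set    -> 0
    OktaUser("erin@example.com", "DEPROVISIONED", "2023-01-01T00:00:00Z"),  # excluded
    OktaUser("frank@example.com", "SUSPENDED", "2024-05-30T00:00:00Z"),     # excluded
]


def run_sample() -> Dict[str, object]:
    rows = evaluate(SAMPLE_USERS, TODAY)
    pct = compliance_pct(rows)
    return {"rows": rows, "pct": pct, "meets_slo": meets_slo(pct)}


if __name__ == "__main__":
    result = run_sample()
    for r in result["rows"]:
        print(f"{r['resource']:<20} {r['detail']!s:<22} compliance={r['compliance']}")
    print(f"compliance: {result['pct']:.2f}%  meets SLO ({SLO_TARGET_PCT}%): {result['meets_slo']}")
```

The strict `<` on the day count is deliberate so the Python agrees with the SQL: `bob`, whose password changed exactly 90 days before the evaluation date, is non-compliant in both. If a team wants federated users without a local password excluded rather than counted as failures, that has to be an explicit filter (in the WHERE clause or before `evaluate`), not an accident of NULL handling.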