Open Distro PCI Compliance

The top of this page says that “… stay compliant with regulations such as GDPR, HIPAA, PCI, and ISO.”

I am interested to know about the PCI compliance aspect, more specifically how/if the following can be achieved with the Open Distro Security Plugin:

password strength
password expiration policy
password can’t be similar to the last 4 passwords


@rony I know that password strength can be enforced using the line below in elasticsearch.yml from odfe version 1.0.0 (maybe earlier):

opendistro_security.restapi.password_validation_regex: '(?=.*[A-Z])(?=.*[^a-zA-Z\d])(?=.*[0-9])(?=.*[a-z]).{8,}'

(passwords must have:
a minimum length of eight characters,
at least one upper case letter,
at least one special character,
at least one digit and
at least one lower case character.)

N.B. this is only applied to users from the internal DB.
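As an added example (not from the post or the Open Distro project), a small Python check that applies the regex above to constructed candidate passwords, so you can see which ones the setting would reject before rolling it out; it assumes the plugin matches the pattern against the whole password (Java-style full match), which is why `re.fullmatch` is used.

```python
import re

# The validation regex exactly as it appears in the elasticsearch.yml line above.
PASSWORD_REGEX = r'(?=.*[A-Z])(?=.*[^a-zA-Z\d])(?=.*[0-9])(?=.*[a-z]).{8,}'

# Assumption: the plugin tests the whole password against the pattern, so a
# full match is required here rather than a substring search.
_PATTERN = re.compile(PASSWORD_REGEX)


def meets_policy(password: str, pattern: re.Pattern = _PATTERN) -> bool:
    """True if the password would be accepted under the configured regex."""
    return pattern.fullmatch(password) is not None


def missing_requirements(password: str) -> list:
    """List which of the regex's rules a password fails, one entry per rule.

    The checks mirror the lookaheads and the .{8,} length rule of the regex,
    so this explains *why* meets_policy() rejected a candidate.
    """
    checks = {
        "length >= 8": len(password) >= 8,
        "upper case": re.search(r"[A-Z]", password) is not None,
        "lower case": re.search(r"[a-z]", password) is not None,
        "digit": re.search(r"[0-9]", password) is not None,
        # Note: anything outside [a-zA-Z0-9] counts as "special", including a space.
        "special char": re.search(r"[^a-zA-Z\d]", password) is not None,
    }
    return [name for name, ok in checks.items() if not ok]


def audit(candidates):
    """Map each candidate password to (accepted, list_of_failed_rules)."""
    return {pw: (meets_policy(pw), missing_requirements(pw)) for pw in candidates}


# Constructed sample passwords (not real credentials) to exercise each rule.
SAMPLES = [
    "Tr0ub4dor&3",   # satisfies every rule
    "password",      # no upper case, no digit, no special char
    "Passw0rd",      # no special char
    "P@ss1",         # shorter than eight characters
    "P@SSW0RD",      # no lower case
    "Pa ss w0rd",    # accepted: a space counts as a special char under this regex
]

if __name__ == "__main__":
    for pw, (ok, missing) in audit(SAMPLES).items():
        print(f"{pw!r:16} accepted={ok} missing={missing}")
```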