PCI DSS requires that new passwords not repeat any of the last four previously used passwords. Harness does not currently provide a configuration option to enforce this requirement. This requirement applies specifically to non-SSO/local accounts used within the Harness environment.

This option currently not available on Harness

Reference: https://developer.harness.io/docs/platform/authentication/authentication-overview/#enforce-password-policies

PCI DSS 4.0 password requirements mandate a minimum 12-character length for users, 90-day change frequency (if not using MFA), and non-repetition of previous passwords. Passwords must be complex, incorporating letters, numbers, and symbols. The standard requires automatic screen locks after 15 minutes of inactivity and blocking access after six failed attempts.