---
names:
  full: AWS Account Root User MFA is not enabled.
  contextual: Account Root User MFA is not enabled.
description: "The 'root' user account is the most privileged user in an AWS account.\
  \ Multi-factor Authentication (MFA) adds an extra layer of protection on top of\
  \ a username and password. With MFA enabled, when a user signs in to an AWS website,\
  \ they will be prompted for their username and password as well as for an authentication\
  \ code from their AWS MFA device."
type: COMPLIANCE_POLICY
categories:
  - SECURITY
frameworkMappings:
  - "/frameworks/cis-aws-v7.0.0/02/05"
  - "/frameworks/cloudaware/identity-and-access-governance/mfa-implementation"
  - "/frameworks/aws-well-architected/sec/02/01"
  - "/frameworks/pci-dss-v3.2.1/08/03/01"
  - "/frameworks/pci-dss-v4.0.1/08/04/02"
  - "/frameworks/nist-sp-800-53-r5/ac/02/01"
  - "/frameworks/nist-sp-800-53-r5/ac/03/15"
  - "/frameworks/nist-sp-800-53-r5/ia/02/01"
  - "/frameworks/nist-sp-800-53-r5/ia/02/02"
  - "/frameworks/nist-sp-800-53-r5/ia/02/06"
  - "/frameworks/nist-sp-800-53-r5/ia/02/08"
similarPolicies:
  cloudConformity:
    - url: https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/IAM/root-mfa-enabled.html
      name: Root MFA Enabled