Skip to main content

πŸ’Ό [IAM.5] MFA should be enabled for all IAM users that have a console password

  • Contextual name: πŸ’Ό [IAM.5] MFA should be enabled for all IAM users that have a console password
  • ID: /frameworks/aws-fsbp-v1.0.0/iam/05
  • Located in: πŸ’Ό Identity and Access Management (IAM)

Description​

Multi-factor authentication (MFA) adds an extra layer of protection on top of a user name and password. With MFA enabled, when a user signs in to an AWS website, they are prompted for their user name and password. In addition, they are prompted for an authentication code from their AWS MFA device.

Similar​

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AC-2(1) Account Management _ Automated System Account Management416
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AC-3(15) Access Enforcement _ Discretionary and Mandatory Access Control10
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό IA-2(1) Identification and Authentication (organizational Users) _ Multi-factor Authentication to Privileged Accounts2
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό IA-2(2) Identification and Authentication (organizational Users) _ Multi-factor Authentication to Non-privileged Accounts2
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό IA-2(6) Identification and Authentication (organizational Users) _ Access to Accounts β€”separate Device2
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό IA-2(8) Identification and Authentication (organizational Users) _ Access to Accounts β€” Replay Resistant2
πŸ’Ό PCI DSS v4.0.1 β†’ πŸ’Ό 8.4.2 MFA is implemented for all non-console access into the CDE.2

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags

Policies (1)​

PolicyLogic CountFlags
πŸ“ AWS IAM User MFA is not enabled for all users with console password 🟒1🟒 x6