
💼 [IAM.6] Hardware MFA should be enabled for the root user

  • Contextual name: 💼 [IAM.6] Hardware MFA should be enabled for the root user
  • ID: /frameworks/aws-fsbp-v1.0.0/iam/06
  • Located in: 💼 Identity and Access Management (IAM)

Description

Virtual MFA might not provide the same level of security as hardware MFA devices. We recommend that you use a virtual MFA device only while you wait for hardware purchase approval or for your hardware to arrive.

Similar

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 NIST SP 800-53 Revision 5 → 💼 AC-2(1) Account Management _ Automated System Account Management 416
💼 NIST SP 800-53 Revision 5 → 💼 AC-3(15) Access Enforcement _ Discretionary and Mandatory Access Control 10
💼 NIST SP 800-53 Revision 5 → 💼 IA-2(1) Identification and Authentication (organizational Users) _ Multi-factor Authentication to Privileged Accounts 2
💼 NIST SP 800-53 Revision 5 → 💼 IA-2(2) Identification and Authentication (organizational Users) _ Multi-factor Authentication to Non-privileged Accounts 2
💼 NIST SP 800-53 Revision 5 → 💼 IA-2(6) Identification and Authentication (organizational Users) _ Access to Accounts — separate Device 2
💼 NIST SP 800-53 Revision 5 → 💼 IA-2(8) Identification and Authentication (organizational Users) _ Access to Accounts — Replay Resistant 2
💼 PCI DSS v3.2.1 → 💼 8.3.1 Incorporate multi-factor authentication for all non-console access into the CDE for personnel with administrative access. 1
💼 PCI DSS v4.0.1 → 💼 8.4.2 MFA is implemented for all non-console access into the CDE. 2

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags

Policies (1)

Policy | Logic Count | Flags
AWS Account Root User Hardware MFA is not enabled. 🟒🟒 x3