Skip to main content

πŸ’Ό [IAM.6] Hardware MFA should be enabled for the root user

  • ID: /frameworks/aws-fsbp-v1.0.0/iam/06

Description​

Virtual MFA might not provide the same level of security as hardware MFA devices. We recommend that you use a virtual MFA device only while you wait for hardware purchase approval or for your hardware to arrive.

Similar​

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AC-2(1) Account Management _ Automated System Account Management418no data
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AC-3(15) Access Enforcement _ Discretionary and Mandatory Access Control13no data
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό IA-2(1) Identification and Authentication (organizational Users) _ Multi-factor Authentication to Privileged Accounts3no data
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό IA-2(2) Identification and Authentication (organizational Users) _ Multi-factor Authentication to Non-privileged Accounts3no data
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό IA-2(6) Identification and Authentication (organizational Users) _ Access to Accounts β€”separate Device3no data
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό IA-2(8) Identification and Authentication (organizational Users) _ Access to Accounts β€” Replay Resistant3no data
πŸ’Ό PCI DSS v3.2.1 β†’ πŸ’Ό 8.3.1 Incorporate multi-factor authentication for all non-console access into the CDE for personnel with administrative access.3no data
πŸ’Ό PCI DSS v4.0.1 β†’ πŸ’Ό 8.4.2 MFA is implemented for all non-console access into the CDE.3no data

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlagsCompliance

Policies (1)​

PolicyLogic CountFlagsCompliance
πŸ›‘οΈ AWS Account Root User Hardware MFA is not enabled.🟒βšͺ🟒 x2, βšͺ x1no data