💼 1.13 Ensure MFA is enabled for the "root" account

  • Contextual name: 💼 1.13 Ensure MFA is enabled for the "root" account
  • ID: /frameworks/cis-aws-v1.2.0/01/13
  • Located in: 💼 1 Identity and Access Management

Description

The root account is the most privileged user in an AWS account. MFA adds an extra layer of protection on top of a user name and password. With MFA enabled, when a user signs in to an AWS website, they will be prompted for their user name and password as well as for an authentication code from their AWS MFA device.

Note: When virtual MFA is used for root accounts, it is recommended that the device used is NOT a personal device, but rather a dedicated mobile device (tablet or phone) that is managed to be kept charged and secured independent of any individual personal devices ("non-personal virtual MFA"). This lessens the risk of losing access to the MFA due to device loss, device trade-in, or the individual owning the device no longer being employed at the company.
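One way to audit this control offline, as an added example that is not part of the original page or of the CIS benchmark text: the function below reads an IAM credential report that has already been downloaded and decoded to CSV and reports whether the root row has MFA active. The function name, the sample rows and the account ID are constructed for illustration, and only a subset of the report's columns is shown.

```python
import csv
import io

# Constructed sample in the IAM credential report's CSV layout (subset of columns).
SAMPLE_REPORT = """user,arn,password_enabled,mfa_active,access_key_1_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,false,false
alice,arn:aws:iam::111122223333:user/alice,true,true,false
"""

ROOT_USER = "<root_account>"  # name the credential report gives the root row


def root_mfa_finding(report_csv):
    """Return (compliant, reason) for control 1.13 from a credential report.

    Hypothetical helper: anything other than an explicit mfa_active=true on
    the root row is treated as a failure, so a truncated or malformed report
    cannot pass the check by accident.
    """
    rows = list(csv.DictReader(io.StringIO(report_csv)))
    root = next((r for r in rows if r.get("user") == ROOT_USER), None)
    if root is None:
        return False, "no root row in report; treat as failed, not as passed"
    value = (root.get("mfa_active") or "").strip().lower()
    if value == "true":
        return True, "root MFA is enabled"
    if value == "false":
        return False, "AWS Account Root User MFA is not enabled"
    return False, f"unexpected mfa_active value {value!r}"


if __name__ == "__main__":
    compliant, reason = root_mfa_finding(SAMPLE_REPORT)
    print("PASS" if compliant else "FAIL", "-", reason)
```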

Similar

  • Sections
    • /frameworks/cis-aws-v1.3.0/01/05
  • Internal
    • ID: dec-c-da630a06

Similar Sections (Take Policies From)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 CIS AWS v1.3.0 → 💼 1.5 Ensure MFA is enabled for the "root user" account 1

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 CIS AWS v1.3.0 → 💼 1.5 Ensure MFA is enabled for the "root user" account 1

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags

Policies (1)

Policy | Logic Count | Flags
📝 AWS Account Root User MFA is not enabled. | 🟢1 | 🟢 x6