Skip to main content

πŸ’Ό 1.5 Ensure MFA is enabled for the 'root' user account - Level 1 (Automated)

  • Contextual name: πŸ’Ό 1.5 Ensure MFA is enabled for the 'root' user account - Level 1 (Automated)
  • ID: /frameworks/cis-aws-v2.0.0/01/05
  • Located in: πŸ’Ό 1 Identity and Access Management

Description​

The 'root' user account is the most privileged user in an AWS account. Multi-factor Authentication (MFA) adds an extra layer of protection on top of a username and password. With MFA enabled, when a user signs in to an AWS website, they will be prompted for their username and password as well as for an authentication code from their AWS MFA device.

Note: When virtual MFA is used for 'root' accounts, it is recommended that the device used is NOT a personal device, but rather a dedicated mobile device (tablet or phone) that is managed to be kept charged and secured independent of any individual personal devices. ("non-personal virtual MFA") This lessens the risks of losing access to the MFA due to device loss, device trade-in or if the individual owning the device is no longer employed at the company.

Similar​

  • Sections
    • /frameworks/cis-aws-v3.0.0/01/05
    • /frameworks/cis-aws-v1.5.0/01/05
  • Internal
    • ID: dec-c-3978f843

Similar Sections (Take Policies From)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό CIS AWS v1.5.0 β†’ πŸ’Ό 1.5 Ensure MFA is enabled for the 'root' user account - Level 1 (Automated)1
πŸ’Ό CIS AWS v3.0.0 β†’ πŸ’Ό 1.5 Ensure MFA is enabled for the 'root' user account - Level 1 (Automated)1

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό CIS AWS v1.5.0 β†’ πŸ’Ό 1.5 Ensure MFA is enabled for the 'root' user account - Level 1 (Automated)1
πŸ’Ό CIS AWS v3.0.0 β†’ πŸ’Ό 1.5 Ensure MFA is enabled for the 'root' user account - Level 1 (Automated)1

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags

Policies (1)​

PolicyLogic CountFlags
πŸ“ AWS Account Root User MFA is not enabled. 🟒1🟒 x6