💼 1.5 Ensure hardware MFA is enabled for the 'root' user account (Manual)

Contextual name: 💼 1.5 Ensure hardware MFA is enabled for the 'root' user account (Manual)
ID: /frameworks/cis-aws-v5.0.0/01/05
Located in: 💼 1 Identity and Access Management

Description

The 'root' user account is the most privileged user in an AWS account. MFA adds an extra layer of protection on top of a user name and password. With MFA enabled, when a user signs in to an AWS website, they will be prompted for their user name and password as well as for an authentication code from their AWS MFA device. For Level 2, it is recommended that the 'root' user account be protected with a hardware MFA.

Where an AWS Organization is using centralized root access, root credentials can be removed from member accounts. In that case it is neither possible nor necessary to configure root MFA in the member account.

Similar

Sections
- /frameworks/cis-aws-v4.0.1/01/06

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 CIS AWS v4.0.1 → 💼 1.6 Ensure hardware MFA is enabled for the 'root' user account (Manual)			1

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 CIS AWS v4.0.1 → 💼 1.6 Ensure hardware MFA is enabled for the 'root' user account (Manual)			1

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (1)

Policy	Logic Count	Flags
📝 AWS Account Root User Hardware MFA is not enabled. 🟢		🟢 x3

Description​

Similar​

Similar Sections (Take Policies From)​

Similar Sections (Give Policies To)​

Sub Sections​

Policies (1)​