💼 2.5 Ensure MFA is enabled for the 'root' user account (Automated)
- ID: /frameworks/cis-aws-v7.0.0/02/05
Stats
not available
Description
The 'root' user account is the most privileged user in an AWS account. Multi-Factor Authentication (MFA) adds an extra layer of protection on top of a username and password. With MFA enabled, when a user signs in to an AWS website, they are prompted for their username and password as well as an authentication code from their MFA device.
Note: When virtual MFA is used for 'root' accounts, it is recommended that the device used is not a personal device, but rather a dedicated mobile device (tablet or phone) that is kept charged and secured, independent of any individual ("non-personal virtual MFA"). This reduces the risk of losing access to MFA due to device loss, device replacement, or employee turnover.
Where an AWS Organization is using centralized root access, root credentials can be removed from member accounts. In that case, it is neither possible nor necessary to configure root MFA in the member account.
Similar
- Sections: /frameworks/cis-aws-v6.0.0/02/04
Similar Sections (Take Policies From)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 CIS AWS v6.0.0 → 💼 2.4 Ensure MFA is enabled for the 'root' user account (Automated) | | | 1 | | no data |
Similar Sections (Give Policies To)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 CIS AWS v6.0.0 → 💼 2.4 Ensure MFA is enabled for the 'root' user account (Automated) | | | 1 | | no data |
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
Policies (1)
| Policy | Logic Count | Flags | Compliance |
|---|---|---|---|
| 🛡️ AWS Account Root User MFA is not enabled. 🟢 | 1 | 🟢 x6 | no data |