Rule: Ensure hardware MFA is enabled for the 'root user' account

This rule ensures the use of hardware MFA for the 'root user' account.

Rule: Ensure hardware MFA is enabled for the "root user" account
Framework: cis_v130
Severity: Low

Rule Description:

This rule requires that hardware Multi-Factor Authentication (MFA) is enabled for the "root user" account in the AWS (Amazon Web Services) environment. Enabling MFA adds an extra layer of security to the root user account, ensuring that only authorized individuals can access and manage critical resources.

Troubleshooting Steps:

If hardware MFA is not enabled for the root user account, follow these troubleshooting steps:

  1. Ensure that you have administrative access to the AWS Management Console.
  2. Log in to the AWS Management Console using the root user account credentials.
  3. Go to the AWS Identity and Access Management (IAM) service.
  4. Navigate to the "Account settings" page.
  5. Check if MFA is already enabled for the root user account. If not, proceed to the next step.
  6. Purchase and register an MFA hardware device compatible with AWS, such as a key fob or a virtual MFA application.
  7. Associate the MFA device with the root user account by selecting the account and clicking on the "Assign MFA device" button.
  8. Follow the on-screen instructions to complete the MFA device registration.
  9. Once the MFA device is successfully registered, return to the root user account settings page.
  10. Click on the "Security credentials" tab and locate the MFA section.
  11. Confirm that the MFA status is now enabled for the root user account.
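
The console check above can also be audited from saved CLI output. The following is an added example, not code from the original page: it evaluates the JSON returned by `aws iam get-account-summary` and `aws iam list-virtual-mfa-devices`, and fails the rule when root has no MFA or when the root MFA device is a virtual one, since a virtual device does not meet the hardware requirement. The sample JSON, the placeholder account ID 111122223333 and the function names are constructed for illustration; matching on a `User.Arn` ending in `:root` is an assumption about the response shape.

```python
import json

# Constructed sample CLI outputs; account ID 111122223333 is a placeholder.
SUMMARY_MFA_ON = '{"SummaryMap": {"AccountMFAEnabled": 1, "Users": 4}}'
SUMMARY_MFA_OFF = '{"SummaryMap": {"AccountMFAEnabled": 0, "Users": 4}}'
VIRTUAL_ROOT = json.dumps({"VirtualMFADevices": [
    {"SerialNumber": "arn:aws:iam::111122223333:mfa/root-account-mfa-device",
     "User": {"Arn": "arn:aws:iam::111122223333:root"}},
    {"SerialNumber": "arn:aws:iam::111122223333:mfa/alice",
     "User": {"Arn": "arn:aws:iam::111122223333:user/alice"}}]})
VIRTUAL_USERS_ONLY = json.dumps({"VirtualMFADevices": [
    {"SerialNumber": "arn:aws:iam::111122223333:mfa/alice",
     "User": {"Arn": "arn:aws:iam::111122223333:user/alice"}}]})


def root_virtual_devices(virtual_json):
    """Return serial numbers of virtual MFA devices assigned to root."""
    devices = json.loads(virtual_json).get("VirtualMFADevices", [])
    hits = []
    for dev in devices:
        serial = dev.get("SerialNumber", "")
        user_arn = dev.get("User", {}).get("Arn", "")
        # Default root virtual device name, or any device bound to root.
        is_root = (serial.endswith(":mfa/root-account-mfa-device")
                   or user_arn.endswith(":root"))
        if is_root:
            hits.append(serial)
    return hits


def evaluate_root_hardware_mfa(summary_json, virtual_json):
    """Return (status, reason) for the hardware-MFA-on-root rule."""
    summary = json.loads(summary_json).get("SummaryMap", {})
    if summary.get("AccountMFAEnabled") != 1:
        return ("FAIL", "root user has no MFA device")
    virtual = root_virtual_devices(virtual_json)
    if virtual:
        return ("FAIL", "root MFA is virtual: " + ", ".join(virtual))
    return ("PASS", "root MFA enabled and not a virtual device")


if __name__ == "__main__":
    for name, summary, virtual in [
            ("no MFA", SUMMARY_MFA_OFF, VIRTUAL_USERS_ONLY),
            ("virtual MFA on root", SUMMARY_MFA_ON, VIRTUAL_ROOT),
            ("non-virtual MFA on root", SUMMARY_MFA_ON, VIRTUAL_USERS_ONLY)]:
        print(name, "->", evaluate_root_hardware_mfa(summary, virtual))
```

To run it against a real account, replace the constructed strings with the saved output of the two commands named above.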

Necessary Code:

No code is required for this rule. The configuration is performed through the AWS Management Console and the AWS Identity and Access Management (IAM) service.

Remediation Steps:

To enable hardware MFA for the root user account, follow these steps:

  1. Log in to the AWS Management Console using the root user account credentials.
  2. Go to the AWS Identity and Access Management (IAM) service.
  3. Navigate to the "Account settings" page.
  4. Check if MFA is already enabled for the root user account. If not, proceed to the next step.
  5. Purchase and register an MFA hardware device compatible with AWS, such as a key fob or a virtual MFA application.
  6. Associate the MFA device with the root user account by selecting the account and clicking on the "Assign MFA device" button.
  7. Follow the on-screen instructions to complete the MFA device registration.
  8. Once the MFA device is successfully registered, return to the root user account settings page.
  9. Click on the "Security credentials" tab and locate the MFA section.
  10. Configure the MFA settings by selecting the option to enable MFA.
  11. Follow any additional prompts or instructions to finalize the MFA configuration.
  12. Verify that the MFA status is now enabled for the root user account.

CLI Command:

No CLI command is required for this rule. The configuration is performed through the AWS Management Console and the AWS Identity and Access Management (IAM) service.
