
Rule: IAM Root User MFA Should Be Enabled

This rule ensures that multi-factor authentication is enabled for the IAM root user.

Rule: IAM root user MFA should be enabled
Framework: CISA-cyber-essentials
Severity: Medium

IAM Root User MFA Policy for CISA-cyber-essentials

Description:

In order to enhance the security of the AWS account and meet the requirements of CISA (Cyber Essentials), Multi-Factor Authentication (MFA) should be enabled for the IAM root user. Enabling MFA adds an additional layer of protection, requiring the use of a valid MFA device in addition to the password when logging in as the root user.

Step-by-Step Guide:

  1. Log in to the AWS Management Console as the root user (the account's root email address and password).

  2. Navigate to the IAM service by using the search bar or selecting it from the list of available services.

  3. In the IAM console, click on "Account settings" in the left sidebar.

  4. On the "Account settings" page, locate the "Multi-factor authentication (MFA)" section.

  5. Click on the "Manage MFA" button to configure MFA for the root user.

  6. On the "Manage MFA device" page, select the "Virtual MFA device" option.

  7. Choose whether to create a new virtual MFA device or associate an existing one. If creating a new device, follow the instructions to set it up using either a supported virtual MFA app (such as Google Authenticator) or a hardware token device.

  8. Once the virtual MFA device has been created, select it from the list and click on the "Activate MFA" button.

  9. You will be prompted to enter two different consecutive MFA codes to verify the MFA device and complete the setup.

  10. After successfully configuring MFA for the root user, you will be redirected to the "Account settings" page. The MFA status should now display as "Active."

Troubleshooting Steps:

  • If you are receiving an error while setting up MFA, double-check that you have selected the correct virtual MFA device or check if the virtual MFA app or hardware token device is functioning properly.
  • If you encounter any issues during the MFA setup process, consult the AWS documentation for troubleshooting steps specific to virtual MFA devices or contact AWS support for assistance.

Code:

There is no specific code required for enabling MFA for the IAM root user. The configuration is done through the AWS Management Console.
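Enabling MFA is a console task, but verifying that the rule holds can be automated. The following is an added example (not from the original page or from Cloud Defense) that checks root MFA status from two independent IAM sources: the account summary's `AccountMFAEnabled` flag and the `<root_account>` row of the IAM credential report. `fetch_live_verdict` is an assumed helper name, and the sample data below is constructed with a placeholder account id.

```python
"""Verify the root user's MFA status from the IAM account summary and the
IAM credential report. The evaluation functions are pure and run offline;
fetch_live_verdict() (assumed helper) wraps the boto3 calls and needs
iam:GetAccountSummary and iam:GenerateCredentialReport/GetCredentialReport."""
import csv
import io
import time

def root_mfa_from_summary(summary_map):
    """SummaryMap['AccountMFAEnabled'] is 1 when root MFA is active, else 0."""
    return int(summary_map.get("AccountMFAEnabled", 0)) == 1

def root_mfa_from_credential_report(report_csv):
    """Return the mfa_active column of the <root_account> row as a bool."""
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row.get("user") == "<root_account>":
            return row.get("mfa_active", "").strip().lower() == "true"
    raise ValueError("credential report has no <root_account> row")

def assess(summary_map, report_csv):
    """Rule verdict: PASS only when both sources agree MFA is active on root."""
    findings = []
    if not root_mfa_from_summary(summary_map):
        findings.append("AccountMFAEnabled is 0 in the account summary")
    if not root_mfa_from_credential_report(report_csv):
        findings.append("mfa_active is false for <root_account> in the report")
    return ("PASS" if not findings else "FAIL", findings)

def fetch_live_verdict(session=None):
    """Pull both inputs from AWS and assess them (needs AWS credentials)."""
    import boto3  # lazy import so the offline checks do not need boto3
    iam = (session or boto3.Session()).client("iam")
    summary = iam.get_account_summary()["SummaryMap"]
    # Report generation is asynchronous; poll until the state is COMPLETE.
    while iam.generate_credential_report()["State"] != "COMPLETE":
        time.sleep(2)
    report = iam.get_credential_report()["Content"].decode("utf-8")
    return assess(summary, report)

# Constructed sample data (placeholder account id, not a real account).
SAMPLE_SUMMARY_NO_MFA = {"AccountMFAEnabled": 0, "Users": 2}
SAMPLE_SUMMARY_MFA = {"AccountMFAEnabled": 1, "Users": 2}
SAMPLE_REPORT_NO_MFA = (
    "user,arn,user_creation_time,password_enabled,mfa_active\n"
    "<root_account>,arn:aws:iam::111111111111:root,2020-01-01T00:00:00+00:00,not_supported,false\n"
    "alice,arn:aws:iam::111111111111:user/alice,2021-01-01T00:00:00+00:00,true,true\n"
)
SAMPLE_REPORT_MFA = SAMPLE_REPORT_NO_MFA.replace("not_supported,false", "not_supported,true")
```

Running `assess` against the two sample pairs yields `FAIL` with two findings for the no-MFA inputs and `("PASS", [])` once both sources report root MFA as active; a mismatch between the sources is also reported as `FAIL`.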

Note:

Ensure that you securely store the MFA device (virtual or hardware) to prevent unauthorized access to the AWS account. Additionally, consider setting up MFA for other IAM users within the account to further strengthen security.
