IAM Root User MFA Rule
This rule ensures that IAM root user Multi-Factor Authentication is enabled for enhanced security measures.
| Rule | IAM root user MFA should be enabled |
| Framework | CISA-cyber-essentials |
| Severity | ✔ Medium |
Rule Description: IAM root user MFA should be enabled for CISA-cyber-essentials.
Overview: This rule ensures that Multi-Factor Authentication (MFA) is enabled for the root user of the AWS account associated with CISA Cyber Essentials. Enabling MFA adds an extra layer of security to protect the root user's credentials and helps prevent unauthorized access to the account.
Troubleshooting: If MFA is not enabled for the root user, follow the steps below to enable it.
- 1.Sign in to the AWS Management Console with the root user credentials.
- 2.Open the IAM service.
- 3.In the IAM dashboard, click on "Users" in the sidebar menu.
- 4.Locate the root user in the user list and click on it.
- 5.In the User Summary page, scroll down to the Security credentials section.
- 6.Under "Assigned MFA device," click on "Manage MFA device."
- 7.In the Manage MFA Device wizard, select the appropriate MFA device type (e.g., virtual MFA device or hardware MFA device).
- 8.Follow the on-screen instructions to set up the MFA device.
- 9.Once the MFA device is set up, click on "Assign MFA device" to complete the process.
- 10.Verify that the MFA device is active for the root user.
Code Example: No specific code example is required for this rule. The steps described above are performed through the AWS Management Console.
Remediation Steps:
- 1.Open the AWS Management Console using the root user credentials.
- 2.Navigate to the IAM service.
- 3.In the left-hand sidebar, click on "Users".
- 4.Find the root user in the list of users and click on the username.
- 5.Scroll down to the Security credentials section.
- 6.Under "Assigned MFA device," ensure that a configured MFA device is displayed.
- If "No MFA device assigned" is shown, click on "Manage MFA device" and follow the instructions for setting up an MFA device.
- 7.Verify that the MFA device is working by testing the authentication process.
- 8.Once MFA is successfully enabled, the rule compliance status will be updated.
Note: It is recommended to enable MFA for all IAM users in addition to the root user for enhanced security.