Cloud Defense Logo

Products

Solutions

Company

IAM Root User MFA Enabled Rule

This rule ensures the Multi-Factor Authentication (MFA) is enabled for the IAM root user.

RuleIAM root user MFA should be enabled
FrameworkFedRAMP Moderate Revision 4
Severity
Medium

Rule Description:

MFA (Multi-Factor Authentication) should be enabled for the root user in the context of FedRAMP Moderate Revision 4 compliance. This rule ensures an additional layer of security to protect the root user account from unauthorized access and helps comply with the security requirements defined by FedRAMP.

Troubleshooting Steps:

If MFA is not enabled for the root user, follow these troubleshooting steps:

  2. 1.

    Check if the root user has MFA enabled:

    • Log in to the AWS Management Console using the root user credentials.
    • Navigate to the IAM service.
    • Click on "Users" in the left-hand menu.
    • Look for the root user in the list and check if MFA is enabled.
  4. 2.

    Enable MFA for the root user:

    • Click on the root user in the list.
    • Go to the "Security credentials" tab.
    • Under "Multi-factor authentication (MFA)", click on "Manage MFA".
    • Follow the instructions to set up MFA for the root user.
  6. 3.

    Verify MFA setup:

    • Log out of the AWS Management Console.
    • Log back in using the root user credentials.
    • You should be prompted to provide the MFA token after entering the password.

Necessary Codes:

There are no specific codes required for this rule. However, scripting or automation can be used to enforce this rule across multiple AWS accounts.

Remediation Steps:

To enable MFA for the root user, follow these steps:

  2. 1.

    Log in to the AWS Management Console using root user credentials.

  4. 2.

    Navigate to the IAM service.

  6. 3.

    Click on "Users" in the left-hand menu.

  8. 4.

    Look for the root user in the list and click on it.

  10. 5.

    Go to the "Security credentials" tab.

  12. 6.

    Under "Multi-factor authentication (MFA)", click on "Manage MFA".

  14. 7.

    Choose the appropriate MFA device option (Hardware MFA device or Virtual MFA device).

  16. 8.

    Follow the instructions provided to set up the MFA device.

  18. 9.

    Once the MFA device is set up, log out of the AWS Management Console.

  20. 10.

    Log back in using the root user credentials.

  22. 11.

    Provide the MFA token when prompted.

  24. 12.

    MFA should now be enabled for the root user.

CLI Command:

There is no specific CLI command required to enable MFA for the root user, as it needs to be done through the AWS Management Console.

Is your System Free of Underlying Vulnerabilities?
Find Out Now