
IAM Root User MFA Should Be Enabled

This rule emphasizes the importance of enabling multi-factor authentication for the IAM root user.

Rule: IAM root user MFA should be enabled
Framework: Federal Financial Institutions Examination Council (FFIEC)
Severity: Medium

Rule Description

MFA (Multi-Factor Authentication) is a security measure that adds an extra layer of protection to user accounts. This rule, mapped to the Federal Financial Institutions Examination Council (FFIEC) framework, requires that the root user account in IAM (Identity and Access Management) have MFA enabled. With MFA enabled, someone who obtains the root user's password still cannot sign in without the additional authentication factor.
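As an added example (not code from this page or from Cloud Defense), here is how the check behind this rule can be evaluated offline: the IAM credential report that `aws iam get-credential-report` returns is a base64-encoded CSV in which the root user appears as `<root_account>` with an `mfa_active` column. The report body below is constructed sample data; the column names used are those of the real report.

```python
import base64
import csv
import io

# Constructed sample of the credential report CSV (the real API returns it
# base64-encoded in the "Content" field). The two rows are made up.
SAMPLE_REPORT_CSV = (
    "user,arn,user_creation_time,password_enabled,password_last_used,"
    "password_last_changed,password_next_rotation,mfa_active,"
    "access_key_1_active,access_key_2_active\n"
    "<root_account>,arn:aws:iam::111122223333:root,2020-01-01T00:00:00+00:00,"
    "not_supported,2024-05-01T10:00:00+00:00,not_supported,not_supported,"
    "false,true,false\n"
    "alice,arn:aws:iam::111122223333:user/alice,2021-03-04T00:00:00+00:00,"
    "true,2024-05-02T09:00:00+00:00,2024-01-01T00:00:00+00:00,N/A,"
    "true,false,false\n"
)
SAMPLE_REPORT_B64 = base64.b64encode(SAMPLE_REPORT_CSV.encode()).decode()


def parse_credential_report(content_b64: str) -> list[dict]:
    """Decode the base64 report body into one dict per IAM principal."""
    text = base64.b64decode(content_b64).decode("utf-8")
    return list(csv.DictReader(io.StringIO(text)))


def evaluate_root_mfa(rows: list[dict]) -> dict:
    """Apply the rule: the root user row must report mfa_active == true.

    Returns a finding in the shape a scanner would emit: status PASS, FAIL,
    or ERROR when the report contains no root row at all.
    """
    root = next((r for r in rows if r["user"] == "<root_account>"), None)
    if root is None:
        return {"rule": "root-mfa", "status": "ERROR", "reason": "no root row"}
    mfa_on = root["mfa_active"].strip().lower() == "true"
    # Active root access keys are worth surfacing next to the MFA status:
    # API calls signed with them never present an MFA factor.
    key_cols = ("access_key_1_active", "access_key_2_active")
    active_keys = [c for c in key_cols if root.get(c, "").lower() == "true"]
    return {
        "rule": "root-mfa",
        "status": "PASS" if mfa_on else "FAIL",
        "arn": root["arn"],
        "active_root_access_keys": len(active_keys),
    }


if __name__ == "__main__":
    print(evaluate_root_mfa(parse_credential_report(SAMPLE_REPORT_B64)))
```

Against the sample report the finding is FAIL, with one active root access key noted alongside it.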

Troubleshooting Steps (if applicable)

If you encounter any issues while enabling MFA for the root user account, ensure that you have the necessary permissions to make the required changes: MFA for the root user can only be configured while signed in as the root user, so an IAM user or role will not see the option. Additionally, make sure that you are following the steps outlined below in order.

Necessary Codes (if applicable)

No codes necessary for this rule.

Step-by-step Guide for Remediation

Follow the steps below to enable MFA for the IAM root user account, as required by the Federal Financial Institutions Examination Council (FFIEC) framework:

Step 1: Access the AWS Management Console

  1. Open a web browser and navigate to the AWS Management Console.

Step 2: Go to the IAM Service

  1. Once you are logged into the AWS Management Console, search for "IAM" in the search bar.

  2. Click on "IAM" from the search results to open the IAM dashboard.

Step 3: Configure MFA for the Root User

  1. In the left navigation pane, click on "Users."

  2. Locate and click on the "Security credentials" tab.

  3. Under the "Multi-factor authentication (MFA)" section, click on "Manage MFA."

  4. If you have not previously configured MFA for the root user, click on "Assign MFA device." Otherwise, skip to step 6.

  5. Follow the on-screen instructions to set up MFA. This might involve selecting a virtual MFA device or a hardware key, depending on your preference. Configure the MFA device accordingly.

  6. Once you have configured the MFA device, click on "Manage MFA device" again for the root user.

  7. Click on "Activate MFA."

  8. In the "Activate MFA" dialog box, click on the "Virtual MFA device" or "Hardware MFA device" option, depending on the type of MFA device you have chosen.

  9. Follow the on-screen instructions to associate the MFA device with the root user.

  10. Once successfully activated, you have completed enabling MFA for the root user.

Step 4: Set an MFA Policy for the Root User

  1. In the IAM dashboard, click on "Policies" in the left navigation pane.

  2. Click on "Create policy."

  3. Choose the "Select" button next to "Create Your Own Policy."

  4. Provide a suitable name and description for the policy, such as "Root User MFA Policy for FFIEC."

  5. In the "Policy Document" section, enter the following policy document:

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Action": "*",
            "Resource": "*",
            "Condition": {
                "BoolIfExists": {
                    "aws:MultiFactorAuthPresent": "false"
                },
                "StringEquals": {
                    "aws:PrincipalOrgID": "o-REPLACE-WITH-YOUR-ORG-ID"
                }
            }
        }
    ]
}
```

Two corrections from the policy as originally printed: `aws:PrincipalOrgID` is a string condition key, so it belongs under `StringEquals` rather than `Bool`, and its value is your AWS Organizations ID (the `o-...` identifier), shown above as a placeholder to replace. The MFA check uses `BoolIfExists` instead of `Bool` so that requests in which the `aws:MultiFactorAuthPresent` key is absent altogether (for example, API calls signed with long-term access keys) are also denied; with plain `Bool`, such requests would not match the condition and would be allowed through.
  6. Click on "Create policy" to save the MFA policy.

  7. Close the policy editor window.

Step 5: Attach the MFA Policy to the Root User

  1. In the IAM dashboard, click on "Users" in the left navigation pane.

  2. Locate and click on the root user.

  3. Click on the "Permissions" tab.

  4. Scroll down to the "Managed Policies" section.

  5. Click on "Attach policies."

  6. Search for the policy you created earlier ("Root User MFA Policy for FFIEC").

  7. Check the box next to the policy name.

  8. Click on "Attach policy" to link the policy to the root user.

Congratulations! You have successfully enabled MFA for the IAM root user, as required by the Federal Financial Institutions Examination Council (FFIEC) framework.
