IAM Users with Console Access Should Have MFA Enabled Rule

This rule checks that every IAM user with console access has Multi-Factor Authentication (MFA) enabled.

Rule: IAM users with console access should have MFA enabled
Framework: Federal Financial Institutions Examination Council (FFIEC)
Severity: High

Policy Description:

This policy ensures that IAM users with console access within the organization have multi-factor authentication (MFA) enabled. It specifically targets users who are subject to compliance with the Federal Financial Institutions Examination Council (FFIEC) guidelines. MFA adds an extra layer of security to user accounts by requiring additional verification steps beyond a password.

Troubleshooting Steps (if applicable):

  1. Check if the IAM user is subject to compliance with FFIEC guidelines.
  2. Verify if MFA is already enabled for the user.
  3. Ensure that the correct MFA device has been associated with the user account.
  4. Check if the MFA device is functioning properly.
  5. Review the IAM policy and check for any specific MFA-related restrictions or conditions that may be causing issues.

Necessary Code (if applicable):

No code is required for this policy. It is managed through the AWS Identity and Access Management (IAM) console.

Remediation Steps:

  1. Log in to the AWS Management Console using an account with administrative privileges.
  2. Open the IAM service from the services menu.
  3. In the navigation pane, click on "Users" to view a list of IAM users.
  4. Identify the user(s) who need to have MFA enabled.
  5. Select the user(s) and click on the "Security credentials" tab in the details pane.
  6. Under "Multi-factor authentication (MFA)", click on "Manage".
  7. Choose the appropriate MFA device option - either "Virtual MFA device" (such as Google Authenticator) or "U2F security key".
  8. Follow the on-screen instructions to associate the MFA device with the user account.
  9. Test the MFA setup to ensure it is functioning properly.
  10. Repeat these steps for any other IAM users who require MFA.

Note: Ensure that the MFA device is kept secure and the associated details are communicated securely to the user.
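For step 4, the users who need MFA can be listed from the IAM credential report (the CSV that can be downloaded from the IAM console) rather than by opening each user in turn. The following is an added example, not part of the original rule page or the vendor's tooling; the sample report rows, the account ID and the function name `console_users_without_mfa` are constructed for illustration.

```python
import csv
import io

# Constructed sample in the column layout of an IAM credential report
# (only the columns this check reads are included; user names are made up).
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_used,mfa_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,2024-01-05T10:00:00+00:00,true
alice,arn:aws:iam::111122223333:user/alice,true,2024-03-01T08:15:00+00:00,true
bob,arn:aws:iam::111122223333:user/bob,true,2024-03-02T09:30:00+00:00,false
carol,arn:aws:iam::111122223333:user/carol,TRUE,no_information,FALSE
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,false,N/A,false
"""

REQUIRED_COLUMNS = {"user", "password_enabled", "mfa_active"}


def _is_true(value):
    """Report booleans are text; treat anything other than 'true' as not true."""
    return (value or "").strip().lower() == "true"


def console_users_without_mfa(report_csv):
    """Return sorted names of IAM users that have a console password but no MFA.

    Raises ValueError if a needed column is missing, so a truncated or
    wrongly formatted report is never read as "no findings".
    """
    reader = csv.DictReader(io.StringIO(report_csv))
    missing = REQUIRED_COLUMNS - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"credential report lacks columns: {sorted(missing)}")

    findings = []
    for row in reader:
        # The root account row reports password_enabled as 'not_supported',
        # so it never matches; this rule covers IAM users only.
        if _is_true(row["password_enabled"]) and not _is_true(row["mfa_active"]):
            findings.append(row["user"])
    return sorted(findings)


if __name__ == "__main__":
    for name in console_users_without_mfa(SAMPLE_REPORT):
        print(f"console access without MFA: {name}")
```

Users without a console password, such as the `ci-deploy` row in the sample, are outside this rule and are not reported.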

CLI Commands (if applicable):

There are no specific CLI commands required for this policy. MFA configuration is managed through the IAM console.
