IAM Root User Hardware MFA Enabled Rule

This rule ensures that hardware MFA is enabled for the IAM root user.

Rule: IAM root user hardware MFA should be enabled
Framework: GxP 21 CFR Part 11
Severity: Critical

Rule Description:

In order to comply with the requirements of GxP 21 CFR Part 11, it is necessary to enable hardware multi-factor authentication (MFA) for the IAM root user in AWS.

Troubleshooting Steps:

  • Ensure that you have administrator access to your AWS account.
  • Verify that you are the root user or have the necessary permissions to enable MFA for the IAM root user.

Necessary Codes:

No specific code is required for this rule.

Step-by-Step Guide for Remediation:

  1. Open the AWS Management Console and sign in with your root user credentials.
  2. Go to the IAM service dashboard by searching for "IAM" in the search bar or by selecting it from the services menu.
  3. In the left navigation panel, click on "Dashboard" to access the IAM dashboard.
  4. In the Dashboard, locate and click on the "Activate MFA on your root account" option.
  5. On the "Activate MFA on your AWS root account" page, you will see two options: "Virtual MFA device" and "U2F security key."
  6. It is recommended to select the "U2F security key" option as it is more secure. However, if you prefer to use a virtual MFA device, you can select that option instead.
  7. Follow the instructions provided by AWS to set up the chosen MFA method for your root user account.
  8. Once the MFA setup is complete, you will receive a confirmation message stating that MFA has been successfully enabled for the root user account.

Note: It is important to securely store your MFA device or keys and follow your organization's MFA policies and practices.
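To confirm the result of the steps above, the following added example (not code from this page or its vendor) classifies the root user's MFA from the output of two read-only AWS CLI calls, `aws iam get-account-summary` and `aws iam list-virtual-mfa-devices --assignment-status Assigned`. It separates a virtual MFA device from hardware MFA, which is the distinction the rule's name turns on. The function names, status strings and sample responses are assumptions of this example.

```python
import json
import subprocess

def aws_iam(*args):
    """Run a read-only AWS CLI IAM call and return its parsed JSON output."""
    proc = subprocess.run(["aws", "iam", *args, "--output", "json"],
                          check=True, capture_output=True, text=True)
    return json.loads(proc.stdout)

def is_root_arn(arn):
    """True for arn:<partition>:iam::<account-id>:root, false for IAM users."""
    parts = arn.split(":")
    return len(parts) == 6 and parts[2] == "iam" and parts[5] == "root"

def root_mfa_status(summary, virtual_devices):
    """Classify root MFA from `get-account-summary` and
    `list-virtual-mfa-devices --assignment-status Assigned` output."""
    if summary.get("SummaryMap", {}).get("AccountMFAEnabled", 0) != 1:
        return "NO_MFA"            # root has no MFA device at all
    for dev in virtual_devices.get("VirtualMFADevices", []):
        if is_root_arn(dev.get("User", {}).get("Arn", "")):
            return "VIRTUAL_MFA"   # MFA is on, but it is an authenticator app
    # Assumption of this example: MFA enabled and no virtual device assigned
    # to root means the root device is a hardware token or security key.
    return "HARDWARE_MFA"

# Constructed sample responses (account ID 123456789012 is a placeholder).
SUMMARY_MFA_ON = {"SummaryMap": {"AccountMFAEnabled": 1}}
VIRTUAL_ON_ROOT = {"VirtualMFADevices": [{
    "SerialNumber": "arn:aws:iam::123456789012:mfa/root-account-mfa-device",
    "User": {"Arn": "arn:aws:iam::123456789012:root"}}]}
VIRTUAL_ON_IAM_USER = {"VirtualMFADevices": [{
    "SerialNumber": "arn:aws:iam::123456789012:mfa/alice",
    "User": {"Arn": "arn:aws:iam::123456789012:user/alice"}}]}

if __name__ == "__main__":
    # Live check; needs AWS CLI credentials allowed to call these two IAM reads.
    print(root_mfa_status(
        aws_iam("get-account-summary"),
        aws_iam("list-virtual-mfa-devices", "--assignment-status", "Assigned")))
```

A result of `VIRTUAL_MFA` means step 6 was completed with the virtual device option, so MFA is on but the root device is not hardware.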

Conclusion:

Enabling hardware MFA for the IAM root user in compliance with GxP 21 CFR Part 11 will ensure an additional layer of security for your AWS account. This will help protect against unauthorized access and meet regulatory requirements for data integrity and control.
