IAM Root User MFA Enabled Rule

This rule ensures that MFA is enabled for the IAM root user for enhanced security measures.

Rule: IAM root user MFA should be enabled
Framework: GxP 21 CFR Part 11
Severity: Medium

Rule Description:

The rule requires enabling Multi-Factor Authentication (MFA) for the root user of the Identity and Access Management (IAM) service in order to comply with the GxP (Good Practice) regulations outlined in 21 CFR Part 11. This rule ensures that the root user, which has full administrative privileges, implements an additional layer of security by requiring a second form of authentication beyond just the password.

Enabling MFA mitigates the risk of unauthorized access to critical systems and sensitive data, effectively safeguarding against potential cyber threats and assuring compliance with the GxP regulations.

Troubleshooting Steps (if applicable):

If you encounter any issues while enabling MFA for the IAM root user, follow these troubleshooting steps:

  1. Check if the IAM user has sufficient permissions to enable MFA for the root user. Verify the user's IAM policy and ensure it includes the necessary IAM permissions.

  2. Verify if the MFA device is correctly synced with the IAM user. If not, re-sync the device by following the instructions provided by the MFA provider.

  3. Ensure that the correct MFA type is selected and configured for the root user. Validate that the MFA method aligns with the organization's security requirements and complies with the GxP regulations.

  4. If using a virtual MFA device, such as a software-based authenticator app, make sure the app is up to date and compatible with the IAM service. Try reinstalling or updating the app if necessary.

  5. If using a hardware MFA device, ensure it is functional, batteries are operational (if applicable), and correctly paired with the IAM service. Troubleshoot any connectivity or pairing issues with the MFA device.

  6. Double-check the IAM root user credentials and ensure they are correct. Reset the password if needed, or contact the appropriate team for assistance.

Necessary Codes/Configurations (if applicable):

To enable MFA for the IAM root user, follow these step-by-step instructions:

  1. Open the AWS Management Console and navigate to the IAM service.

  2. In the left-hand navigation pane, click on "Users" and search for the root user account.

  3. Select the root user from the list and click on the "Security credentials" tab.

  4. Under "Multi-factor authentication (MFA)", click on "Manage".

  5. Choose the desired MFA type: "Virtual MFA device" or "Hardware MFA device".

  6. Follow the on-screen instructions to set up the selected MFA device type.

  7. Once the MFA device is configured, click on "Enable" to enable MFA for the root user.

  8. Verify the MFA activation by following the provided instructions on the confirmation screen.

Remember to store the MFA device securely and back up the associated credentials. MFA will be required whenever accessing the AWS Management Console or performing privileged operations as the root user.

Note: It is recommended to consult any internal company guidelines, regulatory requirements, or additional security measures specific to GxP and 21 CFR Part 11 compliance.
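One way to confirm the rule passes once the steps above are done, as an added example that is not Cloud Defense's own rule logic: it evaluates the JSON printed by `aws iam get-account-summary` and the decoded CSV from `aws iam get-credential-report`. The function names and the sample inputs are constructed for illustration.

```python
import csv
import io
import json

ROOT_ROW = "<root_account>"  # name the credential report uses for the root user

# Constructed sample inputs (trimmed to the fields used here), not real account data.
SAMPLE_SUMMARY = '{"SummaryMap": {"AccountMFAEnabled": 0, "Users": 4}}'
SAMPLE_REPORT = (
    "user,arn,password_enabled,mfa_active\n"
    "<root_account>,arn:aws:iam::111122223333:root,not_supported,false\n"
    "alice,arn:aws:iam::111122223333:user/alice,true,true\n"
)


def root_mfa_from_summary(summary_json):
    """True/False from get-account-summary, or None if the key is absent."""
    value = json.loads(summary_json).get("SummaryMap", {}).get("AccountMFAEnabled")
    return None if value is None else value == 1


def root_mfa_from_report(report_csv):
    """True/False from the credential report's root row, or None if it is missing."""
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row.get("user") == ROOT_ROW:
            flag = row.get("mfa_active")
            return None if flag is None else flag.strip().lower() == "true"
    return None


def evaluate_rule(summary_json, report_csv):
    """Pass only when both sources say root MFA is on; unknown state fails closed."""
    sources = {
        "account_summary": root_mfa_from_summary(summary_json),
        "credential_report": root_mfa_from_report(report_csv),
    }
    findings = []
    for name, state in sources.items():
        if state is None:
            findings.append(f"{name}: root MFA state not found")
        elif not state:
            findings.append(f"{name}: root MFA is not enabled")
    return {"compliant": not findings, "findings": findings}


if __name__ == "__main__":
    print(json.dumps(evaluate_rule(SAMPLE_SUMMARY, SAMPLE_REPORT), indent=2))
```

A missing root row or a missing `AccountMFAEnabled` key is reported as a finding rather than treated as a pass, so a truncated or stale report cannot mask a non-compliant account.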
