top of page
IAM.9
Virtual MFA should be enabled for the root user
Severity
Cloud Platforms
Resources
Related Standards
Automated
CRITICAL
AWS
AWS Identity and Access Management
AWS CIS Foundations v1.2 & v1.4, AWS Well-Architected, AWS Foundational Technical Review, CIS v8, PCI DSS v3.2.1, CDR, ISO27001, SOC2, NIST.800-53.r5,
This AWS control checks whether users of your AWS account require a multi-factor authentication (MFA) device to sign in with root user credentials.
bottom of page