Critical IAM

Hardware MFA should be enabled for the root user

CIS

Description

Checks whether hardware MFA is enabled for the AWS account root user.


Remediation

To enable hardware MFA for the root user, follow these steps:

Steps

  1. Sign in to the AWS Management Console using your root user credentials.
  2. Navigate to the IAM Dashboard at https://console.aws.amazon.com/iam/.
  3. In the navigation pane, click on 'Dashboard'.
  4. Under the 'Security Status' section, find 'Activate MFA on your root account' and click on 'Manage MFA'.
  5. Select 'A hardware MFA device' and click 'Continue'.
  6. Follow the instructions to initialize your hardware MFA device. This typically involves entering the serial number of the device and two consecutive MFA codes generated by the device.
  7. Once the device is initialized, click 'Activate MFA'.
  8. Ensure that the hardware MFA device is now listed as active for the root user.
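One way to confirm step 8 outside the console, and to reproduce what the Description checks, is to evaluate two IAM API responses. This is an added example, not this check's own code. The function names, the sample responses and the pass rule (MFA is enabled on the account and no virtual MFA device is assigned to root) are assumptions made for illustration.

```python
"""Evaluate root hardware MFA from IAM API responses (added example)."""

ROOT_ARN_SUFFIX = ":root"  # the root user ARN is arn:aws:iam::<account>:root
LEGACY_SERIAL_SUFFIX = ":mfa/root-account-mfa-device"  # default root virtual MFA serial


def root_virtual_devices(virtual_mfa_devices):
    """Return serial numbers of virtual MFA devices assigned to the root user."""
    hits = []
    for dev in virtual_mfa_devices:
        serial = dev.get("SerialNumber", "")
        user_arn = dev.get("User", {}).get("Arn", "")
        # Match on the owner ARN first; fall back to the default serial name.
        if user_arn.endswith(ROOT_ARN_SUFFIX) or serial.endswith(LEGACY_SERIAL_SUFFIX):
            hits.append(serial)
    return hits


def evaluate_root_hardware_mfa(summary_map, virtual_mfa_devices):
    """Return (status, reason) under the assumed rule described in the lead-in."""
    if summary_map.get("AccountMFAEnabled", 0) != 1:
        return "FAIL", "root user has no MFA device enabled"
    virtual = root_virtual_devices(virtual_mfa_devices)
    if virtual:
        return "FAIL", "root user has a virtual MFA device: " + ", ".join(virtual)
    return "PASS", "root MFA is enabled and no virtual device is assigned to root"


def fetch_and_evaluate():
    """Live variant: needs boto3 and credentials allowed to call both IAM APIs."""
    import boto3
    iam = boto3.client("iam")
    summary = iam.get_account_summary()["SummaryMap"]
    devices = []
    pages = iam.get_paginator("list_virtual_mfa_devices").paginate(AssignmentStatus="Assigned")
    for page in pages:
        devices.extend(page["VirtualMFADevices"])
    return evaluate_root_hardware_mfa(summary, devices)


# Constructed sample responses; 111122223333 is a placeholder account ID.
SAMPLE_ROOT_VIRTUAL = [{"SerialNumber": "arn:aws:iam::111122223333:mfa/root-account-mfa-device",
                        "User": {"Arn": "arn:aws:iam::111122223333:root"}}]
SAMPLE_IAM_USER_ONLY = [{"SerialNumber": "arn:aws:iam::111122223333:mfa/alice",
                         "User": {"Arn": "arn:aws:iam::111122223333:user/alice"}}]

if __name__ == "__main__":
    print(evaluate_root_hardware_mfa({"AccountMFAEnabled": 1}, SAMPLE_ROOT_VIRTUAL))
    print(evaluate_root_hardware_mfa({"AccountMFAEnabled": 1}, SAMPLE_IAM_USER_ONLY))
```

A root user with both a hardware and a virtual device registered still fails under this rule, because the virtual device remains a usable second factor.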

Compliance

CIS