Description

Enabling Multi-Factor Authentication (MFA) for IAM users is one of the most effective ways to protect your AWS resources and services against hacking attempts. MFA adds an extra layer of protection on top of the user's IAM credentials (username and password) through an MFA device signature, making it highly difficult for unauthorized users to gain access to your AWS account without the MFA-generated passcode. To secure your AWS cloud environment and comply with IAM security best practices, it is recommended to enable MFA for the console access of all IAM users within your AWS account.

Remediation

To ensure that all IAM users with console access have MFA enabled, you can take the following remediation steps:

  1. Identify all IAM users in your AWS account with console access.
  2. Ensure that each user has a unique MFA device associated with their account.
  3. Enable MFA for each user in the AWS Management Console.
  4. Verify that MFA is enabled for each user by testing the login process.
  5. Monitor the IAM users to ensure that they continue to use MFA for console access.

By following these remediation steps, you can ensure that all IAM users with console access have MFA enabled, which can enhance the security of your AWS resources and services and help you comply with IAM security best practices.

Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.