Checks whether multi-factor authentication (MFA) is enabled for each RAM user. If so, the evaluation result is Compliant.
Scenarios
After you enable MFA for a RAM user, MFA is used for logons by the RAM user. This reduces losses that may be caused by account theft.
Risk level
Default risk level: high.
When you apply this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
- If MFA is enabled for each RAM user, the evaluation result is Compliant.
- If MFA is disabled for a RAM user, the evaluation result is Incompliant. For more information about how to remediate an incompliant configuration, see Incompliance remediation.
Rule details
| Item | Description |
| Rule name | ram-user-mfa-check |
| Rule identifier | ram-user-mfa-check |
| Tag | RAM and User |
| Automatic remediation | Supported |
| Trigger type | Configuration change and periodic execution |
| Evaluation frequency | Interval of 24 hours |
| Supported resource type | RAM user |
| Input parameter | None. |
Incompliance remediation
Enable MFA for a RAM user. For more information, see Enable an MFA device for a RAM user.
该文章对您有帮助吗?