ram-user-mfa-check

更新时间:
复制 MD 格式

Checks whether multi-factor authentication (MFA) is enabled for each RAM user. If so, the evaluation result is Compliant.

Scenarios

After you enable MFA for a RAM user, MFA is used for logons by the RAM user. This reduces losses that may be caused by account theft.

Risk level

Default risk level: high.

When you apply this rule, you can change the risk level based on your business requirements.

Compliance evaluation logic

  • If MFA is enabled for each RAM user, the evaluation result is Compliant.
  • If MFA is disabled for a RAM user, the evaluation result is Incompliant. For more information about how to remediate an incompliant configuration, see Incompliance remediation.

Rule details

ItemDescription
Rule nameram-user-mfa-check
Rule identifierram-user-mfa-check
TagRAM and User
Automatic remediationSupported
Trigger typeConfiguration change and periodic execution
Evaluation frequencyInterval of 24 hours
Supported resource typeRAM user
Input parameterNone.

Incompliance remediation

Enable MFA for a RAM user. For more information, see Enable an MFA device for a RAM user.