Authentication

Root User without MFA

Platform(s)
Compliance Frameworks

AliCloud CIS, Data Security Posture Management (DSPM) Best Practices, essential_8_au, essential_8_au_level_1, essential_8_au_level_2, Mitre ATT&CK, mpa, New Zealand Information Security Manual, NIST 800-171, NIST 800-53, pipeda, UK Cyber Essentials

Description

The root account is the highest privileged user in the cloud account. Multi-Factor Authentication (MFA) adds another mechanism of authentication on top of a username and password. It makes it harder for an attacker to gain access to protected resources. Therefore, MFA should be enabled for the root user. It was detected that the root user does not have MFA enabled.
Need help?

Get a free Security Risk Assessment. Start today

A screenshot of the Orca platform dashboard summarizing all of your cloud security risks

Personalized Demo

See Orca Security in Action

Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.

Get a Demo