Checks whether multi-factor authentication (MFA) is enabled for Resource Access Management (RAM) user logons. RAM users without MFA enabled are evaluated as non-compliant.
Scenarios
In enterprise security management, verifying MFA for RAM user logons ensures that only users who pass strict identity verification can perform critical operations and access sensitive data, reducing the risk of unauthorized access.
Risk level
Default risk level: High.
You can change the risk level as needed.
Detection logic
The rule checks whether MFA is enabled for RAM user logons. RAM users without MFA enabled are evaluated as non-compliant.
Rule details
|
Parameter |
Description |
|
Rule name |
Check whether MFA is enabled for RAM user logons |
|
Rule identifier |
|
|
Automatic remediation |
Not supported |
|
Trigger type |
Configuration changes |
|
Supported resource types |
ACS::RAM::User |
|
Input parameters |
None |
Remediation
To enable MFA for a RAM user, see Attach an MFA device to a RAM user.