Checks whether multi-factor authentication (MFA) is enabled for each Alibaba Cloud account.
Scenario
After you enable MFA for an Alibaba Cloud account, MFA is used for logons by using the Alibaba Cloud account. This reduces losses caused by account theft.
Risk level
Default risk level: high.
You can change the risk level as required when you apply this rule.
Compliance evaluation logic
- If MFA is enabled for each Alibaba Cloud account, the evaluation result is compliant.
- If MFA is disabled for an Alibaba Cloud account, the evaluation result is non-compliant. For more information about how to correct the non-compliant configuration, see Non-compliance remediation.
Rule details
| Item | Description |
|---|---|
| Rule name | root-mfa-check |
| Rule ID | root-mfa-check |
| Tag | RAM and User |
| Automatic remediation | Not supported |
| Trigger type |
|
| Time interval | 24 hours Note The interval at which the rule is executed. |
| Supported resource type | None |
| Input parameter | None |
Non-compliance remediation
Enable MFA for the Alibaba Cloud account. For more information, see Enable an MFA device for an Alibaba Cloud account.