AWS Security ChangesHomeSearch

AWS IAM documentation change

Service: IAM · 2025-02-27 · Documentation low

File: IAM/latest/UserGuide/id_credentials_mfa.md

Summary

Added specific information about MFA enforcement timeline for organization management account root users

Security assessment

The change adds more detailed information about MFA requirements for root users, which is a security best practice, but does not address a specific security issue or vulnerability.

Diff

diff --git a/IAM/latest/UserGuide/id_credentials_mfa.md
index 019b74809..14863ccf8 100644
--- a/IAM/latest/UserGuide/id_credentials_mfa.md
+++ b/IAM/latest/UserGuide/id_credentials_mfa.md
@@ -9 +9,3 @@ MFA typesMFA recommendationsAdditional resources
-For increased security, we recommend that you configure multi-factor authentication (MFA) to help protect your AWS resources. You can enable MFA for the AWS account root user of all AWS accounts, including standalone accounts, management accounts, and member accounts, as well as for your IAM users. While MFA is enforced for root users by default, it requires customer action to add MFA during the initial account creation or as prompted during sign-in.
+For increased security, we recommend that you configure multi-factor authentication (MFA) to help protect your AWS resources. You can enable MFA for the AWS account root user of all AWS accounts, including standalone accounts, management accounts, and member accounts, as well as for your IAM users.
+
+While MFA is enforced for root users by default, it requires customer action to add MFA during the initial account creation or as prompted during sign-in. For example, AWS requires that you register MFA for the root user of your organization's management account within the first 35 days of signing in. For more information, see [Secure your Organizations account root user credentials](./root-user-best-practices.html#ru-bp-organizations).