AWS Security ChangesHomeSearch

AWS IAM high security documentation change

Service: IAM · 2025-04-16 · Security-related high

File: IAM/latest/UserGuide/id_credentials_mfa.md

Summary

Updated MFA enforcement language to state universal requirement for root users

Security assessment

Clarifies and strengthens MFA enforcement policy for root users across all account types

Diff

diff --git a/IAM/latest/UserGuide/id_credentials_mfa.md b/IAM/latest/UserGuide/id_credentials_mfa.md
index 1271c3264..c5755c7b3 100644
--- a//IAM/latest/UserGuide/id_credentials_mfa.md
+++ b//IAM/latest/UserGuide/id_credentials_mfa.md
@@ -11 +11 @@ For increased security, we recommend that you configure multi-factor authenticat
-While MFA is enforced for root users by default, it requires customer action to add MFA during the initial account creation or as prompted during sign-in. For example, AWS requires that you register MFA for the root user of your organization's management account within the first 35 days of signing in. For more information, see [Secure your AWS Organizations account root user credentials](./root-user-best-practices.html#ru-bp-organizations). 
+MFA is enforced for all account types for their root user. For more information, see [Secure your AWS Organizations account root user credentials](./root-user-best-practices.html#ru-bp-organizations).