AWS IAM high security documentation change
Summary
Updated MFA enforcement language to state universal requirement for root users
Security assessment
Clarifies and strengthens MFA enforcement policy for root users across all account types
Diff
diff --git a/IAM/latest/UserGuide/id_credentials_mfa.md b/IAM/latest/UserGuide/id_credentials_mfa.md index 1271c3264..c5755c7b3 100644 --- a//IAM/latest/UserGuide/id_credentials_mfa.md +++ b//IAM/latest/UserGuide/id_credentials_mfa.md @@ -11 +11 @@ For increased security, we recommend that you configure multi-factor authenticat -While MFA is enforced for root users by default, it requires customer action to add MFA during the initial account creation or as prompted during sign-in. For example, AWS requires that you register MFA for the root user of your organization's management account within the first 35 days of signing in. For more information, see [Secure your AWS Organizations account root user credentials](./root-user-best-practices.html#ru-bp-organizations). +MFA is enforced for all account types for their root user. For more information, see [Secure your AWS Organizations account root user credentials](./root-user-best-practices.html#ru-bp-organizations).