AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2026-07-10 · Documentation medium

File: prescriptive-guidance/latest/security-controls-by-caf-capability/identity-and-access-controls.md

Summary

Expanded security control descriptions with actionable guidance (e.g., 'Enable MFA for root user', 'Rotate keys regularly'). Minor URL text adjustment for MFA requirement announcement.

Security assessment

Enhances documentation of security best practices but does not address a newly disclosed vulnerability. Changes emphasize existing recommendations like MFA enforcement and access key management.

Diff

diff --git a/prescriptive-guidance/latest/security-controls-by-caf-capability/identity-and-access-controls.md b/prescriptive-guidance/latest/security-controls-by-caf-capability/identity-and-access-controls.md
index 14eafceb5..a8eaabf7f 100644
--- a//prescriptive-guidance/latest/security-controls-by-caf-capability/identity-and-access-controls.md
+++ b//prescriptive-guidance/latest/security-controls-by-caf-capability/identity-and-access-controls.md
@@ -7 +7 @@
-Root user activityAccess keys for the root userMFA for the root userIAM best practicesLeast privilegeGuardrails at workload level Rotate IAM access keysExternally shared resources
+Monitor and configure notifications for root user activityDon't create access keys for the root userEnable MFA for the root userFollow the security best practices for IAMGrant least-privilege permissionsDefine permission guardrails at the workload levelRotate IAM access keys at a regular intervalIdentify resources that are shared with an external entity
@@ -13 +13 @@ You can create identities in AWS, or you can connect an external identity source
-###### Controls in this section:
+Controls in this section:
@@ -66 +66 @@ We recommend that you enable multiple multi-factor authentication (MFA) devices
-In 2024, MFA will be required to access the root user of any AWS account. For more information, see [Secure by Design: AWS to enhance MFA requirements in 2024](https://aws.amazon.com/blogs/security/security-by-design-aws-to-enhance-mfa-requirements-in-2024/) in the AWS Security Blog. We strongly encourage you to extend this security practice and require MFA for all user types in your AWS environments.
+In 2024, MFA will be required to access the root user of any AWS account. For more information, see [Secure by Design: AWS to enhance MFA requirements](https://aws.amazon.com/blogs/security/security-by-design-aws-to-enhance-mfa-requirements-in-2024/) in 2024 in the AWS Security Blog. We strongly encourage you to extend this security practice and require MFA for all user types in your AWS environments.