Which compliance frameworks require avoid the use of root account?

This security check is required by the following compliance frameworks: CIS AWS v1.5.0, CIS AWS v2.0, SOC 2, PCI-DSS, NIST 800-53, HIPAA.

HIGHCIS 1.1

Avoid the use of root account

The root account has unrestricted access to all resources in the AWS account. It is highly recommended that the use of this account be avoided for everyday tasks. Using root account for daily operations increases the risk of accidental or malicious changes to critical resources.

Security Impact

Root account compromise could lead to complete account takeover and data breach. All resources, billing, and account settings are at risk.

How to Remediate

Create IAM users with appropriate permissions for everyday tasks. Enable MFA on root account and do not create access keys for root. Use AWS Organizations SCPs to restrict root account usage.

Affected Resources

AWS::IAM::UserAWS::IAM::Root

Compliance Frameworks

CIS AWS v1.5.0CIS AWS v2.0SOC 2PCI-DSSNIST 800-53HIPAA

How TigerGate Helps

TigerGate continuously monitors your AWS environment to detect and alert on this misconfiguration. Here's what our platform does for this specific check:

Continuous Scanning
Automatically scans all Identity and Access Management (IAM) resources across your AWS accounts every hour
Instant Alerts
Get notified via Slack, email, or webhooks when this misconfiguration is detected
One-Click Remediation
Fix this issue directly from the TigerGate dashboard with our guided remediation
Compliance Evidence
Automatically collect audit evidence for CIS AWS v1.5.0, CIS AWS v2.0, SOC 2 compliance
Drift Detection
Get alerted if this configuration drifts back to an insecure state after remediation