{"id":"iam-mfa-enforcement-cannot-be-fully-automated","text":"IAM MFA enforcement has structural automation gaps — FIDO security keys can only be configured via the console and root MFA can only be configured while signed in as root — preventing fully automated MFA lifecycle management across an organization.","truth_value":"IN","source":"","source_url":"","source_hash":"","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"iam-mfa-enforcement-cannot-be-fully-automated","truth_value":"IN","reason":"premise"}]}}