Controls › CC-6.1
CC-6.1 · MFA — privileged accounts
SOC 2 · ISO 27001 · NIST CSF · Last cleared today by John A.
Linked evidence
Active · 90-day windowPDF
aws-iam-root-mfa-2026-q1.pdf
Uploaded May 2 · 124 KB · From thread #4391 (Greg Chen)
Why this satisfies the control
The auditor (Greg Chen) requested AWS root MFA evidence for Q1 on May 2. John A. provided
aws-iam-root-mfa-2026-q1.pdf showing MFA enforced on all 3 root accounts. Greg confirmed it covers his requirement, and asked for the date of the last security policy review (provided as well). Auditborb AI verified the attachment matches CC-6.1's evidence requirements and tagged it to ISO 27001 A.9.4.2 and NIST CSF PR.AC-7 (pre-mapped relationships).
Conversation thread
Open full thread →StartedMay 2, 2026 · 10:24 AM
ResolvedMay 2, 2026 · 11:08 AM (44 min total)
ParticipantsGreg Chen, John A., Auditborb AI
Messages5 (2 from auditor, 1 from owner, 2 system)
Auto-mappings3 frameworks (98% / 96% / 87% confidence)
Step 3 of 3 — The conversation closes the loop: thread → tagged evidence → control cleared. Audit trail and chain of custody are preserved automatically. Compare with Option C — that approach makes reuse the headline. Here, conversation is the input mechanism, but the moat is still the structured backing.