Ensure the root user is not used to access the account
The user or email address that was used to create the AWS account is known as the root account. The root account has the highest privileges and should not be used except for setting the password policy. For this reason it is considered a security best practice to ensure the account is not used and monitor its usage. Ensuring that the root account is not used will help you with CIS and NIST Compliance.