Control: 5 Virtual MFA should be enabled for the root user
This control checks whether users of your AWS account require a multi-factor authentication (MFA) device to sign in with root user credentials. It does not check whether you are using hardware MFA.
steampipe check aws_compliance.control.pci_v321_iam_5
This control uses a named query:iam_root_user_virtual_mfa