Description

AWS Security Hub is a cloud security posture management (CSPM) service that provides centralized visibility and management of security alerts and findings across your AWS accounts. It aggregates findings from AWS services, such as Amazon GuardDuty, Amazon Inspector, and AWS Config, and from third-party security solutions.

Rationale

Security Hub can help you to improve the security of your AWS environment by providing you with a single view of your security posture. It can also help you to identify and remediate security issues more quickly.

Impact

Enabling Security Hub and subscribing to its standard controls can have a significant impact on the security of your AWS environment. It can help you to:

  • Identify security issues that you may not be aware of
  • Remediate security issues more quickly
  • Meet compliance requirements

Default Value

By default, Security Hub is not enabled in AWS accounts. However, you can enable it by following the instructions in the AWS documentation.

Pre-requisites

To enable Security Hub and subscribe to its standard controls, you will need the following:

  • An AWS account
  • An IAM user or role with permissions to enable Security Hub

Remediation Steps

To remediate this policy, you will need to enable Security Hub and subscribe to its standard controls. Here are the steps involved:

  1. Go to the AWS Security Hub console.
  2. Click on the "Enable Security Hub" button.
  3. Select the "Enable default standards" checkbox.
  4. Click on the "Enable Security Hub" button.

Test Plan

To test that Security Hub is enabled and its standard controls are subscribed, you can use the following steps:

  1. Go to the AWS Security Hub console.
  2. Click on the "Findings" tab.
  3. The "Findings" tab should show findings from the standard controls that you subscribed to.

Implementation Plan

The implementation plan for this policy is as follows:

  1. Enable Security Hub.
  2. Subscribe to the standard controls.
  3. Test that the findings are showing up in the "Findings" tab.

AWS CLI Process

To enable Security Hub and subscribe to its standard controls using the AWS CLI, you can use the following command:

aws securityhub enable-security-hub --enable-default-standards
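The Test Plan above can also be checked from the command line. The following is an added example, not part of the original page: a POSIX shell function (the name check_securityhub is hypothetical) that uses the AWS CLI's describe-hub and get-enabled-standards calls to confirm that the hub exists in a region and that every subscribed standard has reached READY. It assumes the AWS CLI is installed and has credentials configured.

```shell
#!/bin/sh
# Added example: verify Security Hub and its standards in one region.
# Prints one status line per check; returns 0 only when the hub is enabled
# and every subscribed standard is READY.
check_securityhub() {
    region="$1"
    # describe-hub fails when Security Hub is not enabled in the region.
    if ! hub_arn=$(aws securityhub describe-hub --region "$region" \
            --query 'HubArn' --output text 2>/dev/null); then
        echo "FAIL hub not enabled in $region"
        return 1
    fi
    echo "OK   hub $hub_arn"

    # One tab-separated line per subscription: <StandardsArn> <StandardsStatus>
    if ! subs=$(aws securityhub get-enabled-standards --region "$region" \
            --query 'StandardsSubscriptions[].[StandardsArn,StandardsStatus]' \
            --output text 2>/dev/null); then
        echo "FAIL could not list enabled standards"
        return 1
    fi
    if [ -z "$subs" ]; then
        echo "FAIL no standards subscribed"
        return 1
    fi

    rc=0
    # A heredoc keeps the loop in the current shell so rc survives it.
    while read -r arn status; do
        [ -n "$arn" ] || continue
        if [ "$status" = "READY" ]; then
            echo "OK   $arn READY"
        else
            # PENDING right after enabling; FAILED or INCOMPLETE need attention.
            echo "FAIL $arn $status"
            rc=1
        fi
    done <<EOF
$subs
EOF
    return "$rc"
}

# Usage: check_securityhub us-east-1 && echo "compliant"
```

Security Hub is enabled per region, so run the check for each region the account uses.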

Using AWS GUI

To enable Security Hub and subscribe to its standard controls using the AWS GUI, you can follow these steps:

  1. Go to the AWS Security Hub console.
  2. Click on the "Enable Security Hub" button.
  3. Select the "Enable default standards" checkbox.
  4. Click on the "Enable Security Hub" button.

Backout Plan

To back out of this policy, you can simply disable Security Hub.

Note

This policy does not apply to AWS accounts that are not enrolled in AWS Organizations.

Reference

  • AWS Security Hub documentation: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-enable.html

Section 2: Tags and Keywords

  • Tags: Security Hub, compliance, security
  • Keywords: CSPM, cloud security, findings, alerts