Description
AWS Security Hub is a cloud security posture management (CSPM) service that provides centralized visibility and management of security alerts and findings across your AWS accounts. It aggregates findings from AWS services, such as Amazon GuardDuty, Amazon Inspector, and AWS Config, and from third-party security solutions.
Rationale
Security Hub can help you to improve the security of your AWS environment by providing you with a single view of your security posture. It can also help you to identify and remediate security issues more quickly.
Impact
Enabling Security Hub and subscribing to its standard controls can have a significant impact on the security of your AWS environment. It can help you to:
- Identify security issues that you may not be aware of
- Remediate security issues more quickly
- Meet compliance requirements
Default Value
By default, Security Hub is not enabled in AWS accounts. However, you can enable it by following the instructions in the AWS documentation.
Pre-requisites
To enable Security Hub and subscribe to its standard controls, you will need the following:
- An AWS account
- An IAM user or role with permissions to enable Security Hub
Remediation Steps
To remediate this policy, you will need to enable Security Hub and subscribe to its standard controls. Here are the steps involved:
- Go to the AWS Security Hub console.
- Click on the "Enable Security Hub" button.
- Select the "Enable default standards" checkbox.
- Click on the "Enable Security Hub" button.
Test Plan
To test that Security Hub is enabled and its standard controls are subscribed, you can use the following steps:
- Go to the AWS Security Hub console.
- Click on the "Findings" tab.
- The "Findings" tab should show findings from the standard controls that you subscribed to.
Implementation Plan
The implementation plan for this policy is as follows:
- Enable Security Hub.
- Subscribe to the standard controls.
- Test that the findings are showing up in the "Findings" tab.
AWS CLI Process
To enable Security Hub and subscribe to its standard controls using the AWS CLI, you can use the following commands:
aws securityhub enable-security-hub --enable-default-standards
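A CLI counterpart to the Test Plan, added here as an example and not part of the original policy text: it reads the JSON printed by `aws securityhub get-enabled-standards --output json` and reports any standard whose subscription is not yet `READY`. The function name, the script name `check_hub.py`, and the sample response (account ID `111122223333`, region `us-east-1`) are constructed for illustration.

```python
import json
import sys

# Constructed sample of `aws securityhub get-enabled-standards --output json`.
# Account ID 111122223333 and the region are placeholders.
SAMPLE = """
{"StandardsSubscriptions": [
  {"StandardsArn": "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0",
   "StandardsSubscriptionArn": "arn:aws:securityhub:us-east-1:111122223333:subscription/aws-foundational-security-best-practices/v/1.0.0",
   "StandardsStatus": "READY"},
  {"StandardsArn": "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
   "StandardsSubscriptionArn": "arn:aws:securityhub:us-east-1:111122223333:subscription/cis-aws-foundations-benchmark/v/1.2.0",
   "StandardsStatus": "PENDING"}
]}
"""


def check_standards(raw):
    """Return (ok, problems) for one region's get-enabled-standards output."""
    try:
        subs = json.loads(raw)["StandardsSubscriptions"]
    except (ValueError, KeyError, TypeError):
        # Empty or non-JSON input: the CLI call did not return a subscription list.
        return False, ["no usable response: Security Hub not enabled or call failed"]
    if not subs:
        return False, ["Security Hub enabled but no standards subscribed"]
    # READY means the standard is fully enabled; report every other status
    # (PENDING, FAILED, INCOMPLETE, DELETING) together with the standard's ARN.
    problems = [
        f"{s.get('StandardsArn', '?')}: {s.get('StandardsStatus', 'UNKNOWN')}"
        for s in subs
        if s.get("StandardsStatus") != "READY"
    ]
    return not problems, problems


if __name__ == "__main__":
    # Usage: aws securityhub get-enabled-standards --output json | python3 check_hub.py
    # With no piped input, the constructed SAMPLE above is evaluated instead.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    ok, problems = check_standards(data)
    for p in problems:
        print("FAIL", p)
    print("PASS" if ok else "NOT COMPLIANT")
    sys.exit(0 if ok else 1)
```

Security Hub is enabled per region, so run the check once for each region in use.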
Using AWS GUI
To enable Security Hub and subscribe to its standard controls using the AWS GUI, you can follow these steps:
- Go to the AWS Security Hub console.
- Click on the "Enable Security Hub" button.
- Select the "Enable default standards" checkbox.
- Click on the "Enable Security Hub" button.
Backout Plan
To back out of this policy, you can simply disable Security Hub.
Note
This policy does not apply to AWS accounts that are not enrolled in AWS Organizations.
Reference
- AWS Security Hub documentation: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-enable.html