SecurityControlDefinition - AWS Security Hub

Provides metadata for a security control, including its unique standard-agnostic identifier, title, description, severity, availability in AWS Regions, and a link to remediation steps.

Contents

CurrentRegionAvailability

Specifies whether a security control is available in the current AWS Region.

Type: String

Valid Values: AVAILABLE | UNAVAILABLE

Required: Yes

Description

The description of a security control across standards. This typically summarizes how Security Hub evaluates the control and the conditions under which it produces a failed finding. This parameter doesn't reference a specific standard.

Type: String

Pattern: .*\S.*

Required: Yes

RemediationUrl

A link to Security Hub documentation that explains how to remediate a failed finding for a security control.

Type: String

Pattern: .*\S.*

Required: Yes

SecurityControlId

The unique identifier of a security control across standards. Values for this field typically consist of an AWS service name and a number (for example, APIGateway.3). This parameter differs from SecurityControlArn, which is a unique Amazon Resource Name (ARN) assigned to a control. The ARN references the security control ID (for example, arn:aws:securityhub:eu-central-1:123456789012:security-control/APIGateway.3).

Type: String

Pattern: .*\S.*

Required: Yes

SeverityRating

The severity of a security control. For more information about how Security Hub determines control severity, see Assigning severity to control findings in the Security Hub User Guide.

Type: String

Valid Values: LOW | MEDIUM | HIGH | CRITICAL

Required: Yes

Title

The title of a security control.

Type: String

Pattern: .*\S.*

Required: Yes

CustomizableProperties

Security control properties that you can customize. Currently, only parameter customization is supported for select controls. An empty array is returned for controls that don’t support custom properties.

Type: Array of strings

Valid Values: Parameters

Required: No

ParameterDefinitions

An object that provides a security control parameter name, description, and the options for customizing it. This object is excluded for a control that doesn't support custom parameters.

Type: String to ParameterDefinition object map

Key Pattern: .*\S.*

Required: No
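
The field constraints listed above can be checked mechanically before a returned definition is used in reporting or automation. The following Python is an added example, not AWS code: the names validate_definition and control_id_from_arn, the ARN regular expression (inferred from the one example ARN on this page), and the SAMPLE record are assumptions constructed for illustration.

```python
import re

NON_BLANK = re.compile(r".*\S.*")  # pattern this page lists for string fields
# Assumed ARN shape, generalized from the single example ARN on this page.
ARN_RE = re.compile(r"arn:[^:]+:securityhub:[^:]*:[^:]*:security-control/(\S+)")
REQUIRED = {  # required field -> set of valid values, or pattern
    "CurrentRegionAvailability": {"AVAILABLE", "UNAVAILABLE"},
    "Description": NON_BLANK,
    "RemediationUrl": NON_BLANK,
    "SecurityControlId": NON_BLANK,
    "SeverityRating": {"LOW", "MEDIUM", "HIGH", "CRITICAL"},
    "Title": NON_BLANK,
}

def validate_definition(d):
    """Return a list of constraint violations; an empty list means valid."""
    errors = []
    for field, rule in REQUIRED.items():
        value = d.get(field)
        if not isinstance(value, str):
            errors.append(f"{field}: required string is missing")
        elif isinstance(rule, set):
            if value not in rule:
                errors.append(f"{field}: {value!r} not in {sorted(rule)}")
        elif not rule.search(value):  # search, so multi-line text still passes
            errors.append(f"{field}: needs a non-whitespace character")
    for prop in d.get("CustomizableProperties", []):  # optional field
        if prop != "Parameters":
            errors.append(f"CustomizableProperties: unexpected {prop!r}")
    for key in d.get("ParameterDefinitions", {}):  # optional field
        if not NON_BLANK.search(key):
            errors.append("ParameterDefinitions: blank parameter name")
    return errors

def control_id_from_arn(arn):
    """Extract the standard-agnostic control ID from a SecurityControlArn."""
    match = ARN_RE.fullmatch(arn)
    if match is None:
        raise ValueError(f"not a security-control ARN: {arn!r}")
    return match.group(1)

# Constructed sample record (not real API output).
SAMPLE = {
    "CurrentRegionAvailability": "AVAILABLE",
    "Description": "Constructed description text.",
    "RemediationUrl": "https://example.com/remediation",
    "SecurityControlId": "APIGateway.3",
    "SeverityRating": "LOW",
    "Title": "Constructed title",
}
```
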

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: