SecurityControlDefinition
Provides metadata for a security control, including its unique standard-agnostic identifier, title, description, severity, availability in AWS Regions, and a link to remediation steps.
Contents
- CurrentRegionAvailability
Specifies whether a security control is available in the current AWS Region.
Type: String
Valid Values: AVAILABLE | UNAVAILABLE
Required: Yes
- Description
The description of a security control across standards. This typically summarizes how Security Hub evaluates the control and the conditions under which it produces a failed finding. This parameter doesn't reference a specific standard.
Type: String
Pattern: .*\S.*
Required: Yes
- RemediationUrl
A link to Security Hub documentation that explains how to remediate a failed finding for a security control.
Type: String
Pattern: .*\S.*
Required: Yes
- SecurityControlId
The unique identifier of a security control across standards. Values for this field typically consist of an AWS service name and a number (for example, APIGateway.3). This parameter differs from SecurityControlArn, which is a unique Amazon Resource Name (ARN) assigned to a control. The ARN references the security control ID (for example, arn:aws:securityhub:eu-central-1:123456789012:security-control/APIGateway.3).
Type: String
Pattern: .*\S.*
Required: Yes
- SeverityRating
The severity of a security control. For more information about how Security Hub determines control severity, see Assigning severity to control findings in the Security Hub User Guide.
Type: String
Valid Values: LOW | MEDIUM | HIGH | CRITICAL
Required: Yes
- Title
The title of a security control.
Type: String
Pattern: .*\S.*
Required: Yes
- CustomizableProperties
Security control properties that you can customize. Currently, only parameter customization is supported for select controls. An empty array is returned for controls that don’t support custom properties.
Type: Array of strings
Valid Values: Parameters
Required: No
- ParameterDefinitions
An object that provides a security control parameter name, description, and the options for customizing it. This object is excluded for a control that doesn't support custom parameters.
Type: String to ParameterDefinition object map
Key Pattern: .*\S.*
Required: No
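The following is an added example, not part of the AWS documentation or SDKs: a validator that checks a SecurityControlDefinition record against the constraints listed above, and a triage helper that orders the usable controls by severity. The function names, the Example.N control IDs, and the example.com URL are hypothetical, and the sample records are constructed.

```python
import re

# Constraints from the field list above; DOTALL (assumption) admits multi-line text.
NON_BLANK = re.compile(r".*\S.*", re.DOTALL)
REQUIRED_STRINGS = ("Description", "RemediationUrl", "SecurityControlId", "Title")
REQUIRED_ENUMS = {
    "CurrentRegionAvailability": ("AVAILABLE", "UNAVAILABLE"),
    "SeverityRating": ("LOW", "MEDIUM", "HIGH", "CRITICAL"),
}
RANK = {s: i for i, s in enumerate(REQUIRED_ENUMS["SeverityRating"])}

def validate_definition(d):
    """Return the constraint violations for one SecurityControlDefinition dict."""
    errors = []
    for field in REQUIRED_STRINGS:
        value = d.get(field)
        if not isinstance(value, str) or not NON_BLANK.fullmatch(value):
            errors.append(f"{field}: required non-blank string")
    for field, allowed in REQUIRED_ENUMS.items():
        if d.get(field) not in allowed:
            errors.append(f"{field}: expected one of {', '.join(allowed)}")
    # Optional fields: absent is fine, present must match the documented shape.
    props = d.get("CustomizableProperties", [])
    if not isinstance(props, list) or any(p != "Parameters" for p in props):
        errors.append("CustomizableProperties: only 'Parameters' is valid")
    params = d.get("ParameterDefinitions", {})
    if not isinstance(params, dict) or not all(
            isinstance(k, str) and NON_BLANK.fullmatch(k) for k in params):
        errors.append("ParameterDefinitions: keys must be non-blank strings")
    return errors

def triage(definitions):
    """IDs of valid controls available in this Region, most severe first."""
    usable = [d for d in definitions if not validate_definition(d)
              and d["CurrentRegionAvailability"] == "AVAILABLE"]
    usable.sort(key=lambda d: (-RANK[d["SeverityRating"]], d["SecurityControlId"]))
    return [d["SecurityControlId"] for d in usable]

def sample_record(cid, severity, availability, **optional):
    """Build a constructed sample record (not real Security Hub output)."""
    return {"SecurityControlId": cid, "Title": "Constructed title",
            "Description": "Constructed description.",
            "RemediationUrl": "https://example.com/remediation",
            "SeverityRating": severity, "CurrentRegionAvailability": availability,
            **optional}

SAMPLE = [
    sample_record("APIGateway.3", "LOW", "AVAILABLE"),
    sample_record("Example.1", "CRITICAL", "AVAILABLE", CustomizableProperties=["Parameters"]),
    sample_record("Example.2", "HIGH", "UNAVAILABLE"),
    sample_record("   ", "HIGH", "AVAILABLE"),  # blank ID fails the pattern
]
```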
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: