Enabling new controls in enabled standards automatically - AWS Security Hub

Enabling new controls in enabled standards automatically

AWS Security Hub regularly adds new controls to standards. You can choose whether to automatically enable new controls in your enabled standards. If you do not automatically enable new controls, then you must enable them manually. See Enabling and disabling controls in all standards.

Security Hub doesn't enable new controls when they are added to a standard that you disabled.

Choose your preferred access method, and follow the steps to automatically enable new controls in enabled standards.

Security Hub console

  1. Open the AWS Security Hub console at https://console.aws.amazon.com/securityhub/.

  2. Open the AWS Security Hub console at https://console.aws.amazon.com/securityhub/.

  3. In the navigation pane, choose Settings, and then choose the General tab.

  4. Under Controls, choose Edit.

  5. Turn on Auto-enable new controls in enabled standards.

  6. Choose Save.

Security Hub API

  1. Run UpdateSecurityHubConfiguration.

  2. To automatically enable new controls for enabled standards, set AutoEnableControls to true. If you don't want to automatically enable new controls, set AutoEnableControls to false.

AWS CLI

  1. Run the update-security-hub-configuration command.

  2. To automatically enable new controls for enabled standards, specify --auto-enable-controls. If you don't want to automatically enable new controls, specify --no-auto-enable-controls.

    aws securityhub update-security-hub-configuration --auto-enable-controls | --no-auto-enable-controls

    Example command

    aws securityhub update-security-hub-configuration --auto-enable-controls