Enabling new controls in enabled standards automatically
AWS Security Hub regularly releases new controls and adds them to one or more standards. You can choose whether to automatically enable new controls in your enabled standards.
Note
If you use central configuration and include a list of specific controls to disable in your configuration policy (programmatically, this
reflects the DisabledSecurityControlIdentifiers
parameter, Security Hub automatically enables all other controls across
standards, including newly released controls. For more information, see How configuration policies work in Security Hub.
We recommend using Security Hub central configuration to automatically enable new security controls. You can create configuration policies that include a list of controls to be disabled across standards. All other controls, including newly released ones, are enabled by default. Alternatively, you can create policies that include a list of controls to be enabled across standards. All other controls, including newly released ones, are disabled by default. For more information, see Understanding central configuration in Security Hub.
Security Hub doesn't enable new controls when they are added to a standard that you haven't enabled.
The following instructions apply only if you don't use central configuration.
Choose your preferred access method, and follow the steps to automatically enable new controls in enabled standards.
If you don't automatically enable new controls, then you must enable them manually. For instructions, see Configuring controls across standards.