Document history for the AWS Security Hub User Guide - AWS Security Hub

Document history for the AWS Security Hub User Guide

The following table describes the updates to the documentation for AWS Security Hub.

Note

For security control releases, the date specified is the date when the controls are available in all accounts and Regions. It can take 1-2 weeks for controls to reach all accounts and Regions.

ChangeDescriptionDate

New security controls

The following new Security Hub controls are available.

October 18, 2024

New security controls

The following new Security Hub controls are available.

October 3, 2024

New security controls

The following new Security Hub controls are available.

August 30, 2024

New finding panel

The new finding panel on the Security Hub console helps you quickly take action on findings, review resource details and finding history, and find other pertinent information about a finding.

August 16, 2024

Update to Config.1 control

The Config.1 control checks whether AWS Config is enabled, uses the service-linked role, and records resources for enabled controls. Security Hub added a custom control parameter named includeConfigServiceLinkedRoleCheck. By setting this parameter to false, you can opt out of checking whether AWS Config uses the service-linked role.

August 15, 2024

Designate a home Region without linked Regions

You can now create a finding aggregator and establish a home Region without linking any AWS Regions to the home Region. This allows you to enable central configuration without specifying linked Regions.

July 25, 2024

Select controls available in more Regions

The following controls are now available in additional AWS Regions, including US East (N. Virginia) and US East (Ohio).

July 15, 2024

New security controls

The following new Security Hub controls are available:

July 11, 2024

Release of CIS AWS Foundations Benchmark v3.0.0

Security Hub released Center for Internet Security (CIS) AWS Foundations Benchmark v3.0.0. The release includes the following new controls, as well as mappings to several existing controls.

May 13, 2024

New security controls

The following new Security Hub controls are available:

May 3, 2024

AWS Resource Tagging Standard

The AWS Resource Tagging Standard from Security Hub is now generally available, along with new controls that apply to the standard.

April 30, 2024

Update to existing managed policy

Security Hub updated the AWS managed policy named AmazonSecurityHubFullAccess to get pricing details for AWS services and products.

April 24, 2024

In-context configuration of control parameters

If you use central configuration, you can now configure control parameters in context, from the details page of a control on the Security Hub console.

March 29, 2024

Update to existing managed policy

Security Hub updated the AWS managed policy named AWSSecurityHubReadOnlyAccess by adding a Sid field.

February 22, 2024

New security control

The control [Macie.2] Macie automated sensitive data discovery should be enabled is now available. For Regional limits on this control, see Availability of controls by Region.

February 19, 2024

Security Hub available in Canada West (Calgary)

Security Hub is now available in Canada West (Calgary). All Security Hub features are now available in this Region, with the exception of certain security controls. For more information, see Availability of controls by Region.

December 20, 2023

New security controls

The following new Security Hub controls are available:

December 14, 2023

Finding enrichment

Security Hub added the new finding fields AwsAccountName, ApplicationArn, and ApplicationName to the AWS Security Finding Format (ASFF).

November 27, 2023

Enhancements to Summary dashboard

You can now access more dashboard widgets on the Summary page of the Security Hub console, save dashboard filter sets to quickly focus on specific security issues, and customize the dashboard layout.

November 27, 2023

Central configuration

Central configuration is now available. With central configuration, the Security Hub delegated administrator can configure Security Hub, standards, and controls across multiple organization accounts, organizational units (OUs), and Regions.

November 27, 2023

Updates to managed policy

Security Hub added new permissions to the AWSSecurityHubServiceRolePolicy managed policy that allow Security Hub to read and update customizable security control properties.

November 26, 2023

Custom control parameters

You can now customize parameter values for select Security Hub controls. This can make findings for a specific control more relevant to your business requirements and security expectations.

November 26, 2023

Updates to managed policies

Security Hub updated the AWSSecurityHubFullAccess and AWSSecurityHubOrganizationsAccess managed policies that permit you to use, respectively, Security Hub features and the integration with AWS Organizations.

November 16, 2023

Existing security controls added to Service-Managed Standard: AWS Control Tower

The following existing Security Hub controls have been added to Service-Managed Standard: AWS Control Tower.

  • ACM.2

  • AppSync.5

  • CloudTrail.6

  • DMS.9

  • DocumentDB.3

  • DynamoDB.3

  • EC2.23

  • EKS.1

  • ElastiCache.3

  • ElastiCache.4

  • ElastiCache.5

  • ElastiCache.6

  • EventBridge.3

  • KMS.4

  • Lambda.3

  • MQ.5

  • MQ.6

  • MSK.1

  • RDS.12

  • RDS.15

  • S3.17

November 14, 2023

Updates to managed policy

Security Hub added a new tagging permission to the AWSSecurityHubServiceRolePolicy managed policy that allows Security Hub to read resource tags related to findings.

November 7, 2023

New security controls

The following new Security Hub controls are available:

October 10, 2023

Updates to managed policy

Security Hub added new Organizations actions to the AWSSecurityHubServiceRolePolicy managed policy that allow Security Hub to retrieve account and organizational unit (OU) information. We also added new Security Hub actions that allow Security Hub to read and update service configurations, including standards and controls.

September 27, 2023

Existing security controls added to Service-Managed Standard: AWS Control Tower

The following existing Security Hub controls have been added to Service-Managed Standard: AWS Control Tower.

September 26, 2023

Consolidated controls view and consolidated control findings available in AWS GovCloud (US)

Consolidated controls view and consolidated control findings are now available in the AWS GovCloud (US) Region. The Controls page of the Security Hub console shows all your controls across standards. Each control has the same control ID across standards. When you turn on consolidated control findings, you receive a single finding per security check even when a control applies to multiple enabled standards.

September 6, 2023

Consolidated controls view and consolidated control findings available in China Regions

Consolidated controls view and consolidated control findings are now available in the China Regions. The Controls page of the Security Hub console shows all your controls across standards. Each control has the same control ID across standards. When you turn on consolidated control findings, you receive a single finding per security check even when a control applies to multiple enabled standards.

August 28, 2023

Security Hub available in Israel (Tel Aviv) Region

Security Hub is now available in Israel (Tel Aviv). All Security Hub features are now available in this Region, with the exception of certain security controls. For more information, see Availability of controls by Region.

August 8, 2023

New security controls

The following new Security Hub controls are available:

July 28, 2023

New operators for automation rule criteria

You can now use CONTAINS and NOT_CONTAINS comparison operators for automation rule map and string criteria.

July 25, 2023

Automation rules

Security Hub now offers automation rules that automatically update findings based on criteria that you specify.

June 13, 2023

New third party integration

Snyk is a new third-party integration that sends findings to Security Hub.

June 12, 2023

Existing security controls added to Service-Managed Standard: AWS Control Tower

The following existing Security Hub controls have been added to Service-Managed Standard: AWS Control Tower.

June 12, 2023

New security controls

The following new Security Hub controls are available:

June 6, 2023

Security Hub available in Asia Pacific (Melbourne)

Security Hub is now available in Asia Pacific (Melbourne). All Security Hub features are now available in this Region, with the exception of certain security controls. For more information, see Availability of controls by Region.

May 25, 2023

Finding history

Security Hub can now track the history of a finding during the last 90 days.

May 4, 2023

New security controls

The following new Security Hub controls are available:

March 29, 2023

Expanded support for consolidated control findings

The Automated Security Response on AWS v2.0.0 now supports consolidated control findings.

March 24, 2023

Security Hub available in new AWS Regions

Security Hub is now available in Asia Pacific (Hyderabad), Europe (Spain), and Europe (Zurich). Limits exist on which controls are available in these Regions.

March 21, 2023

Update to managed policy

Security Hub has updated an existing permission in the AWSSecurityHubServiceRolePolicy managed policy.

March 17, 2023

New security controls for NIST 800-53 standard

Security Hub has added the following security controls, which are applicable to the NIST 800-53 standard:

March 3, 2023

National Institute of Standards and Technology (NIST) 800-53 Rev. 5

Security Hub now supports the NIST 800-53 Rev. 5 standard with more than 200 applicable security controls.

February 28, 2023

Consolidated controls view and control findings

With the release of consolidated controls view, the Controls page of the Security Hub console shows all your controls across standards. Each control has the same control ID across standards. When you turn on consolidated control findings, you receive a single finding per security check even when a control applies to multiple enabled standards.

February 23, 2023

New security controls

The following new Security Hub controls are available. Some controls have Regional limitations.

February 16, 2023

New ASFF fields

Security Hub has added ProductFields.ArchivalReasons:0/Description and ProductFields.ArchivalReasons:0/ReasonCode to the AWS Security Finding Format (ASFF).

February 8, 2023

New ASFF fields

Security Hub has added Compliance.AssociatedStandards and Compliance.SecurityControlId to the AWS Security Finding Format (ASFF).

January 31, 2023

Vulnerability details now available

You can now see vulnerability details in the Security Hub console for findings that Amazon Inspector sends to Security Hub.

January 14, 2023

Security Hub is available in Middle East (UAE)

Security Hub is now available in Middle East (UAE). Some controls have Regional limits.

January 12, 2023

Added third-party integration with MetricStream

Security Hub now supports a third-party integration with MetricStream in all Regions except China and AWS GovCloud (US).

January 11, 2023

Increased organizational account limit

Security Hub now supports up to 11,000 member accounts for each Security Hub administrator account per Region.

December 27, 2022

ElasticBeanstalk.3 rolled back

Security Hub rolled back the control [ElasticBeanstalk.3] Elastic Beanstalk should stream logs to CloudWatch from the FSBP standard in all Regions.

December 21, 2022

Security Hub adds new security controls

New Security Hub controls are available to customers who have enabled the FSBP standard. Some controls have Regional limitations.

December 15, 2022

Guidance on upcoming features

Security Hub is planning to release two new features: consolidated controls view and consolidated control findings. These upcoming features may impact existing workflows that rely on control finding fields and values.

December 9, 2022

Amazon Security Lake integration now available

Security Lake now integrates with Security Hub by receiving Security Hub findings.

November 29, 2022

Support for Service-Managed Standard: AWS Control Tower

Security Hub supports a new security standard called Service-Managed Standard: AWS Control Tower. AWS Control Tower manages this standard.

November 28, 2022

CIS AWS Foundations Benchmark v1.4.0 now available in China Regions

Security Hub now supports CIS AWS Foundations Benchmark v1.4.0 in the China Regions.

November 18, 2022

Jira Service Management Cloud integration now available

Jira Service Management Cloud now receives Security Hub findings in all available Regions, except the China Regions.

November 17, 2022

AWS IoT Device Defender integration now available

AWS IoT Device Defender now sends findings to Security Hub in all available Regions.

November 17, 2022

Support for CIS AWS Foundations Benchmark v1.4.0

Security Hub now provides security controls that support CIS AWS Foundations Benchmark v1.4.0. This standard is available in all available Regions, except the China Regions.

November 9, 2022

Support for Security Hub announcements in AWS GovCloud (US)

You can now subscribe to Security Hub announcements with Amazon Simple Notification Service (Amazon SNS) in AWS GovCloud (US-East) and AWS GovCloud (US-West) to receive notifications about Security Hub.

October 3, 2022

AWS Security Hub adds a new security control

The new Security Hub control AutoScaling.9 is available to customers who have enabled the FSBP standard. Controls may have Regional limitations.

September 1, 2022

Subscribe to Security Hub announcements

You can now subscribe to Security Hub announcements with Amazon Simple Notification Service (Amazon SNS) to receive notifications about Security Hub.

August 29, 2022

Region expansion for cross-Region aggregation

Cross-Region aggregation is now available for findings, finding updates, and insights across AWS GovCloud (US).

August 2, 2022

New third-party product integrations

Fortinet - FortiCNP is a third-party integration that receives Security Hub findings, and JFrog is a third-party integration that sends findings to Security Hub.

July 26, 2022

EC2.27 is retired

Security Hub has retired EC2.27 - Running EC2 Instances should not use key pairs, a former control in the AWS Foundational Security Best Practices (FSBP) standard.

July 20, 2022

Lambda.2 no longer supports python3.6

Security Hub no longer supports python3.6 as a parameter for Lambda.2 - Lambda functions should use supported runtimes, a control in the AWS Foundational Security Best Practices (FSBP) standard.

July 19, 2022

AWS Security Hub adds new security controls

New Security Hub controls are available to customers who have enabled the FSBP standard. Some controls have Regional limitations.

June 22, 2022

AWS Security Hub supports a new Region

Security Hub is now available in Asia Pacific (Jakarta). Some controls are not available in this Region.

June 7, 2022

Improved integration between AWS Security Hub and AWS Config

Security Hub users can see the results of AWS Config rule evaluations as findings in Security Hub.

June 6, 2022

Added ability to opt out of auto-enabled standards

For users who have integrated with AWS Organizations, this feature allows you to log into the Security Hub administrator account and opt new member accounts out of auto-enabled standards.

April 25, 2022

Expanded cross-Region aggregation

Added cross-Region aggregation to control statuses and security scores.

April 20, 2022

CompanyName and ProductName are now top level attributes

Added new top level attributes for setting company and product names associated with custom integrations

April 1, 2022

Added new controls to the AWS Foundational Security Best Practices standard

Added 5 new controls to the AWS Foundational Security Best Practices standard.

March 31, 2022

Added new resource details objectes to ASFF

Added AwsRdsDbSecurityGroup resource type to ASFF.

March 25, 2022

Added additional resources details in ASFF

Added additional details to AwsAutoScalingScalingGroup, AwsElbLoadBalancer, AwsRedshiftCluster, and AwsCodeBuildProject.

March 25, 2022

Added new controls to the AWS Foundational Security Best Practices standard

Added 15 new controls to the AWS Foundational Security Best Practices standard.

March 16, 2022

Added new controls to the AWS Foundational Security Best Practices standard and Payment Card Industry Data Security Standard (PCI DSS)

Added new controls for Amazon OpenSearch Service, Amazon RDS, Amazon EC2, Elastic Load Balancing, and CloudFront to the AWS Foundational Security Best Practices standard. Also added two new controls for OpenSearch Service to the PCI DSS.

February 15, 2022

Added new field to ASFF

Added new field: Sample.

January 26, 2022

Added integration with AWS Health

AWS Health uses service-to-service event messaging to send findings to Security Hub.

January 19, 2022

Added integration with AWS Trusted Advisor

Trusted Advisor sends the results of its checks to Security Hub as Security Hub findings. Security Hub sends the results of its AWS Foundational Security Best Practices checks to Trusted Advisor.

January 18, 2022

Updated resource details objects in ASFF

Added MixedInstancesPolicy and AvailabilityZones to AwsAutoScalingAutoScalingGroup. Added MetadataOptions to AwsAutoScalingLaunchConfiguration. Added BucketVersioningConfiguration to AwsS3Bucket.

December 20, 2021

Updated output for ASFF documentation

The descriptions of ASFF attributes were previously in a single topic. Each top-level object and each resource details object is now in its own topic. The ASFF syntax topic contains links to those topics.

December 20, 2021

Added new resource details objects to ASFF for AWS Network Firewall

For AWS Network Firewall, added the following resource details objects: AwsNetworkFirewallFirewall, AwsNetworkFireFirewallPolicy, and AwsNetworkFirewallRuleGroup.

December 20, 2021

Added support for the new version of Amazon Inspector

Security Hub is integrated with the new version of Amazon Inspector as well as with Amazon Inspector Classic. Amazon Inspector sends findings to Security Hub.

November 29, 2021

Changed the severity of EC2.19

The severity of EC2.19 (Security groups should not allow unrestricted access to ports with high risk) is changed from High to Critical.

November 17, 2021

New integration with Sonrai Dig

Security Hub now offers an integration with Sonrai Dig. Sonrai Dig monitors cloud environments to identify security risks. Sonrai Dig sends findings to Security Hub.

November 12, 2021

Updated check for CIS 2.1 and CloudTrail.1 controls

In addition to checking that at least one multi-Region CloudTrail trail is in place, CIS 2.1 and CloudTrail.1 now also check that the ExcludeManagementEventSources parameter is empty in at least one of the multi-Region CloudTrail trails.

November 9, 2021

Added support for VPC endpoints

Security Hub is now integrated with AWS PrivateLink and supports VPC endpoints.

November 3, 2021

Added controls to the AWS Foundational Security Best Practices standard

Added new controls for Elastic Load Balancing (ELB.2 and ELB.8) and AWS Systems Manager (SSM.4).

November 2, 2021

Added ports to the check for the EC2.19 control

EC2.19 now also checks that security groups do not allow unrestricted ingress access to the following ports: 3000 (Go, Node.js, and Ruby web development frameworks), 5000 (Python web development frameworks), 8088 (legacy HTTP port), and 8888 (alternative HTTP port)

October 27, 2021

Added the integration with Logz.io Cloud SIEM

Logz.io is a provider of Cloud SIEM that provides advanced correlation of log and event data to help security teams to detect, analyze, and respond to security threats in real time. Logz.io receives findings from Security Hub.

October 25, 2021

Added support for cross-Region aggregation of findings

Cross-Region aggregation allows you to view all of your findings without having to change Regions. Administrator accounts choose an aggregation Region and linked Regions. Findings for the administrator account and its member accounts are aggregated from the linked Regions to the aggregation Region.

October 20, 2021

Updated resource details objects in ASFF

Added viewer certificate details to AwsCloudFrontDistribution. Added additional details to AwsCodeBuildProject. Added load balancer attributes to AwsElbV2LoadBalancer. Added the S3 bucket owner account identifier to AwsS3Bucket.

October 8, 2021

Added new resource details objects to ASFF

Added the following new resource details objects to ASFF: AwsEc2VpcEndpointService, AwsEcrRepository, AwsEksCluster, AwsOpenSearchServiceDomain, AwsWafRateBasedRule, AwsWafRegionalRateBasedRule, AwsXrayEncryptionConfig

October 8, 2021

Removed deprecated runtime from the Lambda.2 control

In the AWS Foundational Security Best Practices standard, removed the dotnetcore2.1 runtime from [Lambda.2] Lambda functions should use supported runtimes.

October 6, 2021

New name for Check Point integration

The integration with Check Point Dome9 Arc is now Check Point CloudGuard Posture Management. The integration ARN did not change.

October 1, 2021

Removed the integration with Alcide

The integration with Alcide kAudit is discontinued.

September 30, 2021

Changed the severity of EC2.19

The severity of [EC2.19] Security groups should not allow unrestricted access to ports with high risk is changed from Medium to High.

September 30, 2021

Integration with AWS Organizations is now supported in the China Regions

The Security Hub integration with Organizations is now supported in China (Beijing) and China (Ningxia).

September 20, 2021

New AWS Config rule for the S3.1 and PCI.S3.6 controls

Both S3.1 and PCI.S3.6 verify that the Amazon S3 Block Public Access setting is enabled. The AWS Config rule for these controls is changed from s3-account-level-public-access-blocks to s3-account-level-public-access-blocks-periodic.

September 14, 2021

Removed deprecated runtimes from the Lambda.2 control

In the AWS Foundational Security Best Practices standard, removed the nodejs10.x and ruby2.5 runtimes from [Lambda.2] Lambda functions should use supported runtimes.

September 13, 2021

Changed the severity of the CIS 2.2 control

In the CIS AWS Foundations Benchmark standard, the severity for 2.2. – Ensure CloudTrail log file validation is enabled is changed from Low to Medium.

September 13, 2021

Updated ECS.1, Lambda.2, and SSM.1 in the AWS Foundational Security Best Practices standard

In the AWS Foundational Security Best Practices standard, ECS.1 now has a SkipInactiveTaskDefinitions parameter that is set to true. This ensures that the control only checks active task definitions. For Lambda.2, added Python 3.9 to the list of runtimes. SSM.1 now checks both stopped and running instances.

September 7, 2021

PCI.Lambda.2 control now excludes Lambda@Edge resources

In the Payment Card Industry Data Security Standard (PCI DSS) standard, the PCI.Lambda.2 control now excludes Lambda@Edge resources.

September 7, 2021

Added the integration with HackerOne Vulnerability Intelligence

Security Hub now offers an integration with HackerOne Vulnerability Intelligence. The integration sends findings to Security Hub.

September 7, 2021

Updated resource details objects in ASFF

For AwsKmsKey, added KeyRotationStatus. For AwsS3Bucket, added AccessControlList, BucketLoggingConfiguration, BucketNotificationConfiguration, and BucketWebsiteConfiguration.

September 2, 2021

Added new resource details objects to ASFF

Added the following new resource details objects to ASFF: AwsAutoScalingLaunchConfiguration, AwsEc2VpnConnection, and AwsEcrContainerImage.

September 2, 2021

Added details to the Vulnerabilities object in ASFF

In Cvss , added Adjustments and Source. In VulnerablePackages, added the file path and package manager.

September 2, 2021

Systems Manager Explorer and OpsCenter integration now supported in the China Regions

The Security Hub integration with SSM Explorer and OpsCenter is now supported in China (Beijing) and China (Ningxia).

August 31, 2021

Retiring the Lambda.4 control

Security Hub is retiring the control [Lambda.4] Lambda functions should have a dead-letter queue configured. When a control is retired, it no longer displays on the console, and Security Hub does not perform checks against it.

August 31, 2021

Retiring the PCI.EC2.3 control

Security Hub is retiring the control [PCI.EC2.3] Unused EC2 security groups should be removed. When a control is retired, it no longer displays on the console, and Security Hub does not perform checks against it.

August 27, 2021

Change to how Security Hub sends findings to custom actions

When you send findings to a custom action, Security Hub now sends each finding in a separate Security Hub Findings - Custom Action event.

August 20, 2021

Added a new compliance status reason code for custom Lambda runtimes

Added a new LAMBDA_CUSTOM_RUNTIME_DETAILS_NOT_AVAILABLE compliance status reason code. This reason code indicates that Security Hub could not perform a check against a custom Lambda runtime.

August 20, 2021

AWS Firewall Manager integration now supported in the China Regions

The Security Hub integration with Firewall Manager is now supported in China (Beijing) and China (Ningxia).

August 19, 2021

New integrations with Caveonix Cloud and Forcepoint Cloud Security Gateway

Security Hub now offers integrations with Caveonix Cloud and Forcepoint Cloud Security Gateway. Both integrations send findings to Security Hub.

August 10, 2021

Added new CompanyName, ProductName, and Region attributes to ASFF

Added CompanyName, ProductName, and Region fields to the top level of the ASFF. These fields are populated automatically and, except for custom product integrations, cannot be updated using BatchImportFindings or BatchUpdateFindings. On the console, finding filters use these new fields. In the API, the CompanyName and ProductName filters use the attributes that are under ProductFields.

July 23, 2021

Added and updated resource details objects in ASFF

Added a new AwsRdsEventSubscription resource type and resource details. Added resource details for the AwsEcsService resource type. Added attributes to the AwsElasticsearchDomain resource details object.

July 23, 2021

Added controls to the AWS Foundational Security Best Practices standard

Added new controls for Amazon API Gateway (APIGateway.5), Amazon EC2 (EC2.19), Amazon ECS (ECS.2), Elastic Load Balancing (ELB.7), Amazon OpenSearch Service (ES.5 through ES.8), Amazon RDS (RDS.16 through RDS.23), Amazon Redshift (Redshift.4), and Amazon SQS (SQS.1).

July 20, 2021

Moved a permission within the service-linked role managed policy

Moved the config:PutEvaluations permission within the managed policy AWSSecurityHubServiceRolePolicy, so that it is applied to all resources.

July 14, 2021

Added controls to the AWS Foundational Security Best Practices standard

Added new controls for Amazon API Gateway (APIGateway.4), Amazon CloudFront (CloudFront.5 and CloudFront.6), Amazon EC2 (EC2.17 and EC2.18), Amazon ECS (ECS.1), Amazon OpenSearch Service (ES.4), AWS Identity and Access Management (IAM.21), Amazon RDS (RDS.15), and Amazon S3 (S3.8).

July 8, 2021

Added new compliance status reason codes for control findings

INTERNAL_SERVICE_ERROR indicates that an unknown error occurred. SNS_TOPIC_CROSS_ACCOUNT indicates that the SNS topic is owned by a different account. SNS_TOPIC_INVALID indicates that the associated SNS topic is invalid.

July 6, 2021

Added the integration with AWS Chatbot

Added the integration with AWS Chatbot. Security Hub sends findings to AWS Chatbot.

June 30, 2021

Added a new permission to the service-linked role managed policy

Added a new permission to the managed policy AWSSecurityHubServiceRolePolicy to allow the service-linked role to deliver evaluation results to AWS Config.

June 29, 2021

New and updated resource details objects in the ASFF

Added new resource details objects for ECS clusters and ECS task definitions. Updated the EC2 instance object to list the associated network interfaces. Added the client certificate ID for the API Gateway V2 stages. Added the lifecycle configuration for S3 buckets.

June 24, 2021

Updated the calculation of aggregated control statuses and standard security scores

Security Hub now calculates the overall control status and standard security score every 24 hours. For administrator accounts, the score now reflects whether each control is enabled or disabled for each account.

June 23, 2021

Updated information about Security Hub handling of suspended accounts

Added information on how Security Hub handles accounts that are suspended in AWS.

June 23, 2021

Added tabs to display the enabled and disabled controls for the individual administrator account

For the administrator account, the main tabs on the standard details page contain aggregated information across accounts. The new Enabled for this account and Disabled for this account tabs list the accounts that are enabled or disabled for the individual administrator account.

June 23, 2021

Added java8.al2 to the parameters for Lambda.2

In the AWS Foundational Security Best Practices standard, added java8.al2 to the supported runtimes for the Lambda.2 control.

June 8, 2021

New integrations with MicroFocus ArcSight and NETSCOUT Cyber Investigator

Added integrations with MicroFocus ArcSight and NETSCOUT Cyber Investigator. MicroFocus ArcSight receives findings from Security Hub. NETSCOUT Cyber Investigator sends findings to Security Hub.

June 7, 2021

Added details for AWSSecurityHubServiceRolePolicy

Updated the managed policies section to add details for the existing managed policy AWSSecurityHubServiceRolePolicy, which is used by the Security Hub service-linked role.

June 4, 2021

New integration with Jira Service Management

The AWS Service Management Connector for Jira sends findings to Jira and uses them to create Jira issues. When the Jira issues are updated, the corresponding findings in Security Hub also are updated.

May 26, 2021

Updated the supported controls list for the Asia Pacific (Osaka) Region

Updated the CIS AWS Foundations standard and the Payment Card Industry Data Security Standard (PCI DSS) to indicate the controls that are not supported in Asia Pacific (Osaka).

May 21, 2021

New integration with Sysdig Secure for cloud

Added an integration with Sysdig Secure for cloud. The integration sends findings to Security Hub.

May 14, 2021

Added controls to the AWS Foundational Security Best Practices standard

Added new controls for Amazon API Gateway (APIGateway.2 and APIGateway.3), AWS CloudTrail (CloudTrail.4 and CloudTrail.5), Amazon EC2 (EC2.15 and EC2.16), AWS Elastic Beanstalk (ElasticBeanstalk.1 and ElasticBeanstalk.2), AWS Lambda (Lambda.4), Amazon RDS (RDS.12 – RDS.14), Amazon Redshift (Redshift.7), AWS Secrets Manager (SecretsManager.3 and SecretsManager.4), and AWS WAF (WAF.1).

May 10, 2021

Updates to GuardDuty and Amazon RDS controls

Changed the severity of GuardDuty.1 and PCI.GuardDuty.1 from Medium to High. Added a databaseEngines parameter to RDS.8.

May 4, 2021

Added new resource details to the ASFF

In Resources.Details, added new resource details objects for Amazon EC2 network ACLs, Amazon EC2 subnets, and AWS Elastic Beanstalk environments.

May 3, 2021

Added console fields to provide filter values for Amazon EventBridge rules

The new predefined filter patterns for Security Hub EventBridge rules provide console fields that you can use to specify filter values.

April 30, 2021

Added the integration with AWS Systems Manager Explorer and OpsCenter

Security Hub now supports an integration with Systems Manager Explorer and OpsCenter. The integration receives findings from Security Hub and updates those findings in Security Hub.

April 26, 2021

New type for product integrations

A new integration type, UPDATE_FINDINGS_IN_SECURITY_HUB, indicates that a product integration updates findings that it receives from Security Hub.

April 22, 2021

Changed "master account" to "administrator account"

The term "master account" is changed to "administrator account." The term is also changed in the Security Hub console and API.

April 22, 2021

Updated APIGateway.1 to replace HTTP with Websocket

Updated the title, description, and remediation for APIGateway.1. The control now checks for Websocket API execution logging instead of for HTTP API execution logging.

April 9, 2021

Amazon GuardDuty integration now supported in Beijing and Ningxia

The Security Hub integration with GuardDuty is now supported in the China (Beijing) and China (Ningxia) Regions.

April 5, 2021

Added nodejs14.x to the supported runtimes for Lambda.2 control

The Lambda.2 control in the Foundational Security Best Practices standard now supports the nodejs14.x runtime.

March 30, 2021

Security Hub launched in Asia Pacific (Osaka)

Security Hub is now available in the Asia Pacific (Osaka) Region.

March 29, 2021

Added finding provider fields to finding details

On the finding details panel, the new Finding Provider Fields section contains the finding provider values for confidence, criticality, related findings, severity, and types.

March 24, 2021

Added option to receive sensitive findings from Amazon Macie

The integration with Macie can now be configured to send sensitive findings to Security Hub.

March 23, 2021

Transitioning to AWS Organizations for account management

For customers who have an existing administrator account with member accounts, added new information on how to change from managing accounts by invitation to managing accounts using Organizations.

March 22, 2021

New objects in ASFF for information about Amazon S3 Public Access Block configuration

In Resources, a new AwsS3AccountPublicAccessBlock resource type and details object provides information about the Amazon S3 Public Access Block configuration for accounts. In the AwsS3Bucket resource details object, the PublicAccessBlockConfiguration object provides the Public Access Block configuration for the S3 bucket.

March 18, 2021

New object in ASFF to allow finding providers to update specific fields

The new FindingProviderFields object in ASFF is used in BatchImportFindings to provide values for Confidence, Criticality, RelatedFindings, Severity, and Types. The original fields should only be updated using BatchUpdateFindings.

March 18, 2021

New DataClassification object for resources in ASFF

The new Resources.DataClassification object in ASFF is used to provide information about sensitive data that was detected on the resource.

March 18, 2021

Added CONFIG_RETURNS_NOT_APPLICABLE value to the available compliance status codes

For the NOT_AVAILABLE compliance status, removed the reason code RESOURCE_NO_LONGER_EXISTS and added the reason code CONFIG_RETURNS_NOT_APPLICABLE.

March 16, 2021

New managed policy for integration with AWS Organizations

A new managed policy, AWSSecurityHubOrganizationsAccess, provides the Organizations permissions that are needed by the organization management account and the delegated Security Hub administrator account.

March 15, 2021

Managed policy and service-linked role information moved to the Security chapter

The information on managed policies is revised and expanded. Both the managed policy information and the information on service-linked roles has moved to the Security chapter.

March 15, 2021

New integration with SecureCloudDB

Added SecureCloudDB to the list of third-party integrations. SecureCloudDB is a cloud native database security tool that provides comprehensive visibility of internal and external security postures and activity. SecureCloudDB sends findings to Security Hub.

March 4, 2021

Revised severity for CIS 1.1 and CIS 3.1 – CIS 3.14 controls

The severity of the CIS 1.1 and CIS 3.1 – CIS 3.14 controls is changed to Low.

March 3, 2021

Removed the RDS.11 control

Removed the RDS.11 control from the Foundational Security Best Practices standard.

March 3, 2021

Updated integration for Turbot

The Turbot integration is updated to both send and receive findings.

February 26, 2021

Added controls to the Foundational Security Best Practices standard

Added new controls for Amazon API Gateway (APIGateway.1), Amazon EC2 (EC2.9 and EC2.10), Amazon Elastic File System (EFS.2), Amazon OpenSearch Service (ES.2 and ES.3), Elastic Load Balancing (ELB.6), and AWS Key Management Service (AWS KMS) (KMS.3).

February 11, 2021

Added optional ProductArn filter to the DescribeProducts API

The DescribeProducts API operation now includes an optional ProductArn parameter. The ProductArn parameter is used to identify the specific product integration to return details for.

February 3, 2021

New integration with Antivirus for Amazon S3 from Cloud Storage Security

The integration with Antivirus for Amazon S3 sends the virus scan results to Security Hub as findings.

January 27, 2021

Updated the security score calculation process for administrator accounts

For an administrator account, Security Hub uses a separate process to calculate the security score. The new process ensures that the score includes controls that are enabled for member accounts but disabled for the administrator account.

January 21, 2021

New fields and objects in the ASFF

Added a new Action object to track actions that occurred against a resource. Added fields to the AwsEc2NetworkInterface object to track DNS names and IP addresses. Added a new AwsSsmPatchCompliance object to the resource details.

January 21, 2021

Added controls to the Foundational Security Best Practices standard

Added new controls for Amazon CloudFront (CloudFront.1 through CloudFront.4), Amazon DynamoDB (DynamoDB.1 through DynamoDB.3), Elastic Load Balancing (ELB.3 through ELB.5), Amazon RDS (RDS.9 through RDS.11), Amazon Redshift (Redshift.1 through Redshift.3 and Redshift.6), and Amazon SNS (SNS.1).

January 15, 2021

Workflow status is reset based on the record state or compliance status

Security Hub automatically resets the workflow status from NOTIFIED or RESOLVED to NEW if an archived finding is made active, or if the compliance status of a finding changes from PASSED to either FAILED, WARNING, or NOT_AVAILABLE. These changes indicate that additional investigation is required.

January 7, 2021

Added ProductFields information for control-based findings

For findings that are generated from controls, added information about the content of the ProductFields object in the AWS Security Finding Format (ASFF).

December 29, 2020

Updates to managed insights

Changed the title of insight 5. Added a new insight, 32, that checks for IAM users with suspicious activity.

December 22, 2020

Updates to IAM.7 and Lambda.1 controls

In the AWS Foundational Security Best Practices standard, updated the parameters for IAM.7. Updated the title and description of Lambda.1.

December 22, 2020

Expanded integration with ServiceNow ITSM

The ServiceNow ITSM integration allows users to automatically create incidents or problems when a Security Hub finding is received. Updates to these incidents or problems result in updates to the findings in Security Hub.

December 11, 2020

New integration with AWS Audit Manager

Security Hub now offers an integration with AWS Audit Manager. The integration allows Audit Manager to receive control-based findings from Security Hub.

December 8, 2020

New integration with Aqua Security Kube-bench

Security Hub added an integration with Aqua Security Kube-bench. The integration sends findings to Security Hub.

November 24, 2020

Cloud Custodian is now available in the China Regions

The integration with Cloud Custodian is now available in the China (Beijing) and China (Ningxia) Regions.

November 24, 2020

BatchImportFindings can now be used to update additional fields

Previously, you could not use BatchImportFindings to update the Confidence, Criticality, RelatedFindings, Severity, and Types fields. Now, if these fields have not been updated by BatchUpdateFindings, they can be updated by BatchImportFindings. Once they are updated by BatchUpdateFindings, they cannot be updated by BatchImportFindings.

November 24, 2020

Security Hub is now integrated with AWS Organizations

Customers can now manage member accounts using their Organizations account configuration. The organization management account designates the Security Hub administrator account, who determines which organization accounts to enable in Security Hub. The manual invitation process can still be used for accounts that are not part of an organization.

November 23, 2020

Removed the separate finding list format for high-volume controls

The finding list for a control no longer uses the Findings page format when there is a very large number of findings.

November 19, 2020

New and updated third-party integrations

Security Hub now supports integrations with cloudtamer.io, 3CORESec, Prowler, and StackRox Kubernetes Security. IBM QRadar no longer sends findings. It only receives findings.

October 30, 2020

Added option to download the list of findings from the control details page.

On the control details page, a new Download option allows you to download the finding list to a .csv file. The downloaded list respects any filters that are on the list. If you selected specific findings, then the downloaded list only includes those findings.

October 26, 2020

Added option to download the list of controls from the standard details page.

On the standard details page, a new Download option allows you to download the control list to a .csv file. The downloaded list respects any filters that are on the list. If you selected a specific control, then the downloaded list only includes that control.

October 26, 2020

New and updated partner integrations

Security Hub is now integrated with ThreatModeler. Updated the following partner integrations to reflect their new product names. Twistlock Enterprise Edition is now Palo Alto Networks - Prisma Cloud Compute. Also from Palo Alto Networks, Demisto is now Cortex XSOAR and Redlock is now Prisma Cloud Enterprise.

October 23, 2020

Security Hub launched in China (Beijing) and China (Ningxia)

Security Hub is now available in the China (Beijing) and China (Ningxia) Regions.

October 21, 2020

Revised format for ASFF attributes and third-party integrations

The lists of ASFF attributes and partner integrations now use a list-based format instead of tables. The ASFF syntax, attributes, and types taxonomy are now in separate topics.

October 15, 2020

Redesigned standard details page

The standard details page for an enabled standard now displays a tabbed list of controls. The tabs filter the control list based on the control status.

October 7, 2020

Replaced CloudWatch Events with EventBridge

Replaced references to Amazon CloudWatch Events with Amazon EventBridge.

October 1, 2020

New integrations with Blue Hexagon for AWS, Alcide kAudit, and Palo Alto Networks VM-Series.

Security Hub is now integrated with Blue Hexagon for AWS, Alcide kAudit, and Palo Alto Networks VM-Series. Blue Hexagon for AWS and kAudit send findings to Security Hub. VM-Series receives findings from Security Hub.

September 30, 2020

New and updated resource details objects in ASFF

Added new Resources.Details objects for AwsApiGatewayRestApi, AwsApiGatewayStage, AwsApiGatewayV2Api, AwsApiGatewayV2Stage, AwsCertificateManagerCertificate, AwsElbLoadBalancer, AwsIamGroup, and AwsRedshiftCluster. Added details to the AwsCloudFrontDistribution, AwsIamRole and AwsIamAccessKey objects.

September 30, 2020

New ResourceRole attribute for resources in ASFF to track whether a resource is an actor or a target.

The ResourceRole attribute for resources indicates whether the resource is the target of the finding activity or the perpetrator of the finding activity. The valid values are ACTOR and TARGET.

September 30, 2020

Added AWS Systems Manager Patch Manager to available AWS service integrations

AWS Systems Manager Patch Manager is now integrated with Security Hub. Patch Manager sends findings to Security Hub when instances in a customer's fleet go out of compliance with their patch compliance standard.

September 22, 2020

Added new controls to the AWS Foundational Security Best Practices standard

Added new controls for the following services: Amazon EC2 (EC2.7 and EC2.8), Amazon EMR (EMR.1), IAM (IAM.8), Amazon RDS (RDS.4 through RDS.8), Amazon S3 (S3.6), and AWS Secrets Manager (SecretsManager.1 and SecretsManager.2).

September 15, 2020

New context keys for IAM policy to control access to BatchUpdateFindings fields

IAM policies can now be configured to restrict access to fields and field values when using BatchUpdateFindings.

September 10, 2020

Expanded access to BatchUpdateFindings for member accounts

By default, member accounts now have the same access to BatchUpdateFindings as administrator accounts.

September 10, 2020

New controls for AWS KMS in the Foundational Security Best Practices Standard

Added two new controls (KMS.1 and KMS.2) to the Foundational Security Best Practices Standard. The new controls check whether IAM policies restrict access to AWS KMS decryption actions.

September 9, 2020

Removed account-level findings for controls

Security Hub no longer generates account-level findings for a control. Only resource-level findings are generated.

September 1, 2020

New PatchSummary object in ASFF

Added the PatchSummary object to the ASFF. The PatchSummary object provides information about the patch compliance of a resource relative to a selected compliance standard.

September 1, 2020

Redesigned control details page

The details page for controls is redesigned. The control finding list provides tabs to allow you to quickly filter the list based on the compliance status. You can also quickly see suppressed findings. Each entry provides access to additional details about the finding resource, AWS Config rule, and finding notes.

August 28, 2020

New filter options for findings

For finding filters, you can use the is not filter to find findings for which a field value is not equal to the filter value. You can use the does not start with to find findings for which a field value does not start with the specified filter value.

August 28, 2020

New resource details objects in ASFF

Added new Resources.Details objects for the following resource types: AwsDynamoDbTable , AwsEc2Eip, AwsIamPolicy, AwsIamUser, AwsRdsDbCluster, AwsRdsDbClusterSnapshot, AwsRdsDbSnapshot, AwsSecretsManagerSecret

August 18, 2020

New integration with RSA Archer

Security Hub is now integrated with RSA Archer. RSA Archer receives findings from Security Hub.

August 18, 2020

New Description field for AwsKmsKey

Added a Description field to the AwsKmsKey object under Resources.Details.

August 18, 2020

Added fields to AwsRdsDbInstance

Added several attributes to the AwsRdsDbInstance object under Resources.Details.

August 18, 2020

Updated how Security Hub determines the overall status of a control

For controls that have no findings, the status is No data instead of Unknown. The control status includes both account-level and resource-level findings. The control status does not use the workflow status of findings, except to ignore suppressed findings.

August 13, 2020

Updated how Security Hub calculates the security score for a standard

When calculating the security score for a standard, Security Hub now ignores controls with a status of No Data. The security score is proportion of passed controls to enabled controls, excluding controls with no data.

August 13, 2020

New option to automatically enable new controls in enabled standards

Added a Settings option to automatically enable new controls in standards that are enabled. You can also use the UpdateSecurityHubConfiguration API operation to configure this option.

July 31, 2020

New controls for the Payment Card Industry Data Security Standard (PCI DSS) standard

Added new controls to the PCI DSS standard. The identifiers of the new controls are PCI.DMS.1, PCI.EC2.5, PCI.EC2.6, PCI.ELBV2.1, PCI.GuardDuty.1, PCI.IAM.7, PCI.IAM.8, PCI.S3.5, PCI.S3.6, PCI.SageMaker.1, PCI.SSM.2, and PCI.SSM.3.

July 29, 2020

New and updated controls for the Foundational Security Best Practices standard

Added new controls to the Foundational Security Best Practices standard. The identifiers of the new controls are AutoScaling.1, DMS.1, EC2.4, EC2.6, S3.5, and SSM.3. Updated the title of ACM.1 and changed the value of the daysToExpiration parameter to 30.

July 29, 2020

New Vulnerabilities object in the ASFF

Added the Vulnerabilities object, which provides information about vulnerabilities that are associated with the finding.

July 1, 2020

New Resource.Details objects in the ASFF for Auto Scaling groups, EC2 volumes, and EC2 VPCs

Added the AwsAutoScalingAutoScalingGroup, AWSEc2Volume, and AwsEc2Vpc objects to Resource.Details.

July 1, 2020

New NetworkPath object in the ASFF

Added the NetworkPath object, which provides information about a network path that is related to the finding.

July 1, 2020

Automatically resolve findings when Compliance.Status is PASSED

For findings from controls, if Compliance.Status is PASSED, then Security Hub automatically sets Workflow.Status to RESOLVED.

June 24, 2020

AWS Command Line Interface examples

Added AWS CLI syntax and examples for several Security Hub tasks. Includes enabling Security Hub, managing insights, managing standards and controls, managing product integrations, and disabling Security Hub.

June 24, 2020

New Severity.Original attribute in the ASFF

Added the Severity.Original attribute, which is the original severity from the finding provider. This replaces the deprecated Severity.Product attribute.

May 20, 2020

New Compliance.StatusReasons object in the ASFF for details about a control's status

Added the Compliance.StatusReasons object, which provides additional context for the current status of a control.

May 20, 2020

New AWS Foundational Security Best Practices standard

Added the new AWS Foundational Security Best Practices standard, which is a set of controls that detect when your deployed accounts and resources deviate from security best practices.

April 22, 2020

New console option to update the workflow status for a finding

Added information for using the Security Hub console or API to set the workflow status for findings.

April 16, 2020

New BatchUpdateFindings API for customer updates to findings

Added information on using BatchUpdateFindings to update information related to the process of investigating a finding. BatchUpdateFindings replaces UpdateFindings, which is deprecated.

April 16, 2020

Updates to the AWS Security Finding Format (ASFF)

Added several new resource types. Added a new Label attribute to the Severity object. Label is intended to replace the Normalized field. Added a new Workflow object to track the process of an investigation into a finding. Workflow contains a Status attribute, which replaces the existing Workflowstate attribute.

March 12, 2020

Updates to the Integrations page

Updated to reflect the changes to the Integrations page. For each integration, the page now shows the integration category and whether each integration sends findings to or receives findings from Security Hub. It also provides the specific steps required to enable each integration.

February 26, 2020

New third-party product integrations

Added the following new product integrations: Cloud Custodian, FireEye Helix, Forcepoint CASB, Forcepoint DLP, Forcepoint NGFW, Rackspace Cloud Native Security, and Vectra.ai Cognito Detect.

February 21, 2020

New security standard for the Payment Card Industry Data Security Standard (PCI DSS)

Added the Security Hub security standard for the Payment Card Industry Data Security Standard (PCI DSS). When this standard is enabled, Security Hub performs automated checks against controls related to PCI DSS requirements.

February 13, 2020

Updates to the AWS Security Finding Format (ASFF)

Added a field for related requirements for standards controls. Added new resource types and new resource details. The ASFF also now allows you to provide up to 32 resources.

February 5, 2020

New option to disable individual security standard controls

Added information on how to control whether each individual security standard control is enabled.

January 15, 2020

Updates to Security Hub concepts

Updated some descriptions and added new terms to Security Hub concepts.

September 21, 2019

AWS Security Hub general availability release

Content updates to reflect improvements made to Security Hub during the preview period.

June 25, 2019

Added remediation steps for CIS AWS Foundations checks

Added remediation steps to Security Standards Supported in AWS Security Hub.

April 15, 2019

Preview release of AWS Security Hub

Published the preview release version of the AWS Security Hub User Guide.

November 18, 2018