Security standards and controls in AWS Security Hub

AWS Security Hub consumes, aggregates, and analyzes security findings from various supported AWS and third-party products.

Security Hub also generates its own findings as the result of running automated and continuous checks against the rules in a set of supported security standards. These checks provide a readiness score and identify specific accounts and resources that require attention.

Security Hub provides controls for the following standards.

CIS AWS Foundations
Payment Card Industry Data Security Standard (PCI DSS)
AWS Foundational Security Best Practices

For information on Security Hub pricing for security checks, see Security Hub pricing.

Topics

How AWS Security Hub generates findings from security checks
Disabling or enabling a security standard
Viewing the list of controls for a standard
Viewing details for a control
Enabling new controls automatically
Disabling and enabling individual controls
Viewing and taking action on control findings
CIS AWS Foundations Benchmark standard
Payment Card Industry Data Security Standard (PCI DSS)
AWS Foundational Security Best Practices standard

Warning Javascript is disabled or is unavailable in your browser.

To use the AWS Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Using custom product integrations

Generating findings from security checks