Security Hub standards reference
In AWS Security Hub, a security standard is a set of requirements based on regulatory frameworks, industry best practices, or company policies. Security Hub maps these requirements to controls and runs security checks on controls to assess whether the requirements of a standard are being met. A standard includes multiple controls.
An individual control can belong to one or more standards. If you turn on consolidated control findings, Security Hub generates a single finding for each security check, even when a control belongs to multiple enabled standards. For more information, see Consolidated control findings.
Security Hub currently supports the security standards detailed in this section. We recommend enabling the standards that are relevant to your business needs, industry, or use case. Here's a quick summary of the supported standards. Choose a standard from the following list to view more details about it and the controls that apply to it.
AWS Foundational Security Best Practices v1.0.0 (FSBP) – Developed by AWS and industry professionals, FSBP is a compilation of best practices for organizations regardless of sector or size.
CIS AWS Foundations Benchmark – Provides configuration guidelines for AWS resources.
NIST SP 800-53 Rev. 5 – Generally applies to federal agencies or organizations that work with federal agencies or federal information systems.
PCI DSS v3.2.1 – Applies to organizations that store, process, or transmit cardholder data.
AWS Resource Tagging Standard – Helps you keep track of tags that you apply to your AWS resources.
Service-Managed Standard: AWS Control Tower – Applies to users of Security Hub and AWS Control Tower who want to enable proactive and detective controls.
For instructions on enabling a standard, see Enabling a security standard in Security Hub.
Security Hub standards and controls don't guarantee compliance with any regulatory frameworks or audits. Rather, the controls provide a way to monitor the current state of your AWS accounts and resources.