Viewing and managing security standards
Security standards include a set of requirements to determine compliance with regulatory frameworks, industry best practices, or company policies. AWS Security Hub maps these requirements to controls and runs security checks on controls to assess whether the requirements of a standard are being met. A control may be enabled in one or more standards. If you turn on consolidated control findings, Security Hub generates a single finding per security check even when a control is part of multiple enabled standards. For more information, see Consolidated control findings.
For a list of available standards and the controls that apply to them, see Standards reference. The Security standards page on the Security Hub console also shows all of the supported security standards in Security Hub and their enablement status. For each security standard that's enabled in your account (or if you use the integration with AWS Organizations, in at least one account in your organization), you can view the following information:
-
The enablement status of the standard in different Security Hub configuration policies if you use central configuration
-
A description of any disabled standards
-
A list of controls that are currently enabled in the standard and the overall status of those controls based on the compliance status of their findings
-
a list of controls that apply to the standard but are currently disabled
-
A security score for the standard
Security Hub generates a security score for each standard. Administrator accounts see aggregated security scores and control statuses across their member accounts. If you have set an aggregation Region, your security scores reflect the compliance status of controls across all linked Regions. For more information, see How security scores are calculated.
Topics
