Posted On: Dec 5, 2022

AWS Security Hub now integrates with AWS Control Tower, allowing you to pair AWS Security Hub detective controls with AWS Control Tower proactive or preventive controls and manage them together using AWS Control Tower. AWS Security Hub controls are now mapped to related control objectives in the AWS Control Tower control library, providing you with a holistic view of the controls required to meet a specific control objective. The combination of over 160 detective controls from AWS Security Hub with the AWS Control Tower built-in automations for multi-account environments gives you a strong baseline of governance and off-the-shelf controls required to scale your business using new AWS workloads and services. This combination of controls also helps you monitor whether your multi-account AWS environment is secure and managed in accordance with best practices, such as the AWS Foundational Security Best Practices standard.

To use AWS Security Hub controls within AWS Control Tower, navigate to AWS Control Tower’s control library. After selecting any control that originates from AWS Security Hub, you can enable it directly from AWS Control Tower. AWS Control Tower will activate AWS Security Hub on your behalf, and a new Service-Managed Standard will be created within AWS Security Hub. The new standard, managed by AWS Control Tower, allows you to see which AWS Security Hub controls have been activated by AWS Control Tower, and their evaluations. To get started, visit the AWS Control Tower product page.

For a full list of AWS Regions where AWS Control Tower is available, see the AWS Region Table. This integration is available in preview in all Regions where AWS Control Tower is available.

Updated 12/7/22 - This post was initially published without the proper "Preview" designation.