Posted On: Dec 22, 2022

AWS Security Hub has released 9 new controls for its AWS Foundational Security Best Practices (FSBP) standard to enhance your cloud security posture management (CSPM). These controls conduct fully automatic checks against security best practices for your AWS account settings and for services such as Amazon Elastic Compute Cloud (Amazon EC2), Amazon SageMaker, Amazon API Gateway, Amazon CloudFront, AWS WAF, and AWS CodeBuild. If you have Security Hub set to automatically enable new controls and are already using AWS Foundational Security Best Practices, these new controls will run without any additional action on your part.

With this release, Security Hub now supports 237 security controls to automatically check your security posture in AWS.

The 9 FSBP controls that we launched are:

  • [Account.1] Security contact information should be provided for an AWS account
  • [APIGateway.8] Websocket and HTTP API Gateway routes should specify an authorization type
  • [APIGateway.9] Access Logging should be enabled for API Gateway V2 Stages
  • [CloudFront.12] CloudFront distributions should not point to non-existent S3 origins
  • [CodeBuild.3] CodeBuild S3 logs should be encrypted
  • [EC2.25] EC2 launch templates should not assign public IPs to network interfaces
  • [SageMaker.2] SageMaker notebook instances should be launched in a custom VPC
  • [SageMaker.3] Users should not have root access to SageMaker notebook instances
  • [WAF.10] AWS WAFv2 web ACL should have at least one rule or rule group

You can begin your 30-day free trial of Security Hub with a single action in the AWS Management Console. Please see the AWS Regions page for all the Regions where Security Hub is available. To learn more about Security Hub capabilities, see the Security Hub documentation, and to start your 30-day free trial, see the Security Hub free trial page.

To receive notifications about new Security Hub features and controls, subscribe to the Security Hub SNS topic in your preferred Region.