Posted On: Jun 14, 2023
AWS Security Hub has released 6 new security controls, increasing the overall number of controls Security Hub offers to 264. The new controls conduct fully automatic security checks against services such as Amazon CloudFront and Amazon Simple Storage Service (Amazon S3). To use these controls, you should first turn on the standard they belong to: either Foundational Security Best Practices (FSBP) or National Institute of Standards and Technology (NIST) SP 800-53 Rev. 5. If you are already using those standards and have Security Hub set to automatically turn on new controls, these new controls will run without you having to take any additional action.
The new controls that we launched are:
- [ACM.2] RSA certificates managed by ACM should use a key length of at least 2,048 bits
- [AppSync.2] AWS AppSync should have request-level and field-level logging turned on
- [CloudFront.13] CloudFront distributions should use origin access control
- [ElasticBeanstalk.3] Elastic Beanstalk should stream logs to CloudWatch
- [StepFunctions.1] Step Functions state machines should have logging turned on
- [S3.17] S3 buckets should be encrypted at rest with AWS KMS keys
You can try Security Hub at no cost for 30 days on the AWS Free Tier with a single action in the AWS Management Console or after provisioning it via AWS CloudFormation. To learn more about Security Hub capabilities, consult the Security Hub documentation, and to receive notifications about new Security Hub features and controls, subscribe to the Security Hub SNS topic in your preferred Region.