AWS Security Hub launches new automated security controls

Posted on: Jul 29, 2020

AWS Security Hub has released 7 new automated security controls for the AWS Foundational Security Best Practices standard and 12 new controls for the Payment Card Industry Data Security Standard (PCI DSS).

The new controls for the Foundational Security Best Practices standard are: Amazon S3 buckets should require requests to use Secure Socket Layer (that is, HTTPS rather than plaintext HTTP); Amazon SageMaker notebook instances should not have direct internet access; AWS Database Migration Service replication instances should not be public; Amazon EC2 instances managed by Systems Manager should have an association compliance status of COMPLIANT; Amazon EC2 Auto Scaling groups associated with a load balancer should use load balancer health checks; stopped EC2 instances should be removed after a specified time period; and Amazon VPC flow logging should be enabled in all VPCs.
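The S3 control above is satisfied by a bucket policy that denies every S3 action, for every principal, when the request did not arrive over TLS (the aws:SecureTransport condition key is false). The following script is an added example, not code from AWS or from Security Hub: it approximates that check offline against bucket policies constructed inline for illustration (the bucket name, account ID and role name are placeholders). It treats a policy as compliant only when a Deny statement covers all principals, all S3 actions, and both the bucket ARN and its objects; the exact evaluation Security Hub performs is an assumption here, and policies written with NotPrincipal or NotAction are deliberately not recognized.

```python
"""Approximate check for "S3 buckets should require requests to use SSL".

Added example, not AWS or Security Hub code. Compliant means: a Deny
statement for Principal "*", Action s3:*, on both the bucket and its
objects, conditioned on aws:SecureTransport being false. Exact Security
Hub evaluation logic is assumed, not copied.
"""
import json


def _as_list(value):
    """IAM policy fields may be a scalar or a list; normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_everyone(principal):
    # Either the bare "*" or {"AWS": "*"} form applies to every caller.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def _actions_cover_all_s3(actions):
    acts = {a.lower() for a in _as_list(actions)}
    return "s3:*" in acts or "*" in acts


def _covers_bucket_and_objects(resources, bucket_arn):
    # Bucket-level calls (ListBucket) and object calls (GetObject) have
    # different resource ARNs; a Deny on only one of them leaves a gap.
    res = set(_as_list(resources))
    return bucket_arn in res and f"{bucket_arn}/*" in res


def _denies_insecure_transport(statement):
    val = statement.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
    # The condition value may be the string "false" or a JSON boolean.
    return val is not None and str(val).lower() == "false"


def bucket_policy_requires_tls(policy_json, bucket_name):
    """Return True if some Deny statement blocks all non-TLS S3 requests."""
    policy = json.loads(policy_json) if isinstance(policy_json, str) else policy_json
    bucket_arn = f"arn:aws:s3:::{bucket_name}"
    for st in _as_list(policy.get("Statement")):
        if st.get("Effect") != "Deny":
            continue
        if not _principal_is_everyone(st.get("Principal")):
            continue
        if not _actions_cover_all_s3(st.get("Action")):
            continue
        if not _covers_bucket_and_objects(st.get("Resource"), bucket_arn):
            continue
        if _denies_insecure_transport(st):
            return True
    return False


# Constructed sample policies (placeholder bucket, account and role names).
COMPLIANT_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "AllowRoleRead", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/reader"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
     "Action": "s3:*",
     "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}}
  ]
}"""

# Only grants access; never denies plaintext HTTP.
NON_COMPLIANT_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:role/reader"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}
  ]
}"""

# Common mistake: the Deny covers objects only, so bucket-level
# operations such as ListBucket are still allowed over plain HTTP.
PARTIAL_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Deny", "Principal": "*", "Action": "s3:*",
     "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"Bool": {"aws:SecureTransport": false}}}
  ]
}"""


if __name__ == "__main__":
    for name, pol in [("compliant", COMPLIANT_POLICY),
                      ("non-compliant", NON_COMPLIANT_POLICY),
                      ("partial", PARTIAL_POLICY)]:
        print(name, bucket_policy_requires_tls(pol, "example-bucket"))
```

The partial policy is the case worth remembering: a Deny scoped to `bucket/*` alone does not satisfy the control, because bucket-level requests carry the bare bucket ARN as their resource.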

The new automated controls for PCI DSS include 2 controls for Amazon EC2, 2 for AWS Systems Manager, 1 for Amazon Elastic Load Balancing, 1 for AWS Database Migration Service, 1 for Amazon SageMaker, 2 for Amazon S3, 1 for Amazon GuardDuty, and 2 for AWS IAM.  

Available globally, AWS Security Hub gives you a comprehensive view of your security posture across your AWS accounts. With Security Hub, you have a single place that aggregates, organizes, and prioritizes your security alerts, or findings, from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Firewall Manager, and AWS IAM Access Analyzer, as well as from over 45 AWS Partner solutions. You can also continuously monitor your environment using automated security checks based on standards such as AWS Foundational Security Best Practices, the CIS AWS Foundations Benchmark, and the Payment Card Industry Data Security Standard. You can act on these findings by investigating them in Amazon Detective and by using Amazon CloudWatch Events rules to send them to ticketing, chat, Security Information and Event Management (SIEM), Security Orchestration, Automation and Response (SOAR), and incident management tools, or to custom remediation playbooks.

You can enable your 30-day free trial of AWS Security Hub with a single click in the AWS Management Console. Please see the AWS Regions page for all the Regions where AWS Security Hub is available. To learn more about AWS Security Hub capabilities, see the AWS Security Hub documentation, and to start your 30-day free trial, see the AWS Security Hub free trial page.