How do consolidated controls view and consolidated control findings affect my workflows?

I use AWS Security Hub to run security checks against controls and generate control findings. I want to update my workflows after the release of consolidated controls view and consolidated control findings.

Short description

AWS Security Hub has two features that decouple controls from standards. These features streamline how you view and receive control findings:

With consolidated controls view, you see a consolidated list of your controls from the Controls page in the Security Hub console. Security Hub also assigns controls a consistent security control ID across standards. This helps you to investigate failed findings that affect multiple compliance frameworks.

Consolidated control findings streamline your control findings. When this feature is turned on, Security Hub produces a single finding for a security check even when a check is shared across multiple standards. This reduces finding noise and helps you focus on the security issues affecting your environment.

Note: Both features bring changes to control finding fields and values in the AWS Security Finding Format (ASFF).

Resolution

If your workflows don't rely on the specific format of any control finding fields, then no action is required. It's a best practice to immediately turn on consolidated control findings.

Automated Security Response on AWS v.2.0.0 supports consolidated control findings. If you use Automated Security Response on AWS v.2.0.0, then you can turn on consolidated control findings without disruption to your workflows.

If you rely on the specific format of any control finding fields (such as custom automation), then review the finding field and value changes. Confirm that your workflows continue to function as intended. For more information and examples, see Updating workflows for consolidation.

If you use control finding fields or values that changed to create custom insights, then it's a best practice to update those insights. The custom insights must use the new fields or values. For more information, see Impact of consolidation on ASFF fields and values.
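For custom automation that relies on control finding fields, the following added example (not AWS code, and not part of the original article) keys findings on the standard-independent control ID, so the same logic handles per-standard findings and consolidated findings. It assumes the ASFF fields `Compliance.SecurityControlId` and `Compliance.AssociatedStandards` and the `security-control/` `GeneratorId` prefix; the sample findings, the account ID, and the `example-standard` name are constructed placeholders.

```python
from collections import defaultdict

def control_id(finding):
    """Standard-independent control ID of an ASFF control finding, else None."""
    sec_id = (finding.get("Compliance") or {}).get("SecurityControlId")
    if sec_id:
        return sec_id
    gen = finding.get("GeneratorId", "")
    # Assumption: consolidated findings carry a standard-agnostic GeneratorId.
    if gen.startswith("security-control/"):
        return gen.split("/", 1)[1]
    return None  # never guess from Title or standard-specific ProductFields

def standards(finding):
    """Standards the finding applies to, from Compliance.AssociatedStandards."""
    items = (finding.get("Compliance") or {}).get("AssociatedStandards") or []
    return sorted(s["StandardsId"] for s in items if "StandardsId" in s)

def group(findings):
    """Map (control_id, resource_id) -> set of standards, for either finding shape."""
    out = defaultdict(set)
    for f in findings:
        for res in f.get("Resources", []):
            out[(control_id(f), res.get("Id"))].update(standards(f))
    return dict(out)

# Constructed sample data (placeholders, not real findings).
VPC = "arn:aws:ec2:us-east-1:111122223333:vpc/vpc-EXAMPLE"
FSBP = "standards/aws-foundational-security-best-practices/v/1.0.0"
OTHER = "standards/example-standard/v/1.0.0"
SAMPLE_FINDINGS = [
    # Per-standard shape: one finding per standard for the same check.
    {"Id": "constructed-1", "Resources": [{"Id": VPC}],
     "GeneratorId": "aws-foundational-security-best-practices/v/1.0.0/EC2.2",
     "Compliance": {"SecurityControlId": "EC2.2",
                    "AssociatedStandards": [{"StandardsId": FSBP}]}},
    {"Id": "constructed-2", "Resources": [{"Id": VPC}],
     "GeneratorId": "example-standard/v/1.0.0/EXAMPLE.1",
     "Compliance": {"SecurityControlId": "EC2.2",
                    "AssociatedStandards": [{"StandardsId": OTHER}]}},
    # Consolidated shape: a single finding that lists every associated standard.
    {"Id": "constructed-3", "Resources": [{"Id": VPC}],
     "GeneratorId": "security-control/EC2.2",
     "Compliance": {"AssociatedStandards": [{"StandardsId": FSBP},
                                            {"StandardsId": OTHER}]}},
]

if __name__ == "__main__":
    for key, stds in group(SAMPLE_FINDINGS).items():
        print(key, sorted(stds))
```

Findings for which `control_id` returns `None` are worth routing to manual review instead of matching on `Title` or `GeneratorId` strings.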

AWS OFFICIAL. Updated 7 months ago