Rule: AWS Security Hub should be enabled for an AWS Account
This rule ensures AWS Security Hub is activated in an AWS Account.
| Rule | AWS Security Hub should be enabled for an AWS Account |
| Framework | FedRAMP Low Revision 4 |
| Severity | ✔ High |
Rule Description
The rule specifies that AWS Security Hub should be enabled for an AWS account to comply with the FedRAMP Low Revision 4 security requirements. AWS Security Hub provides a comprehensive view of security alerts and compliance status across multiple AWS accounts, helping organizations to identify potential security risks and implement necessary measures to address them.
Remediation Steps
To enable AWS Security Hub for an AWS account and meet the FedRAMP Low Revision 4 requirement, follow the step-by-step guide below:
Step 1: Access the AWS Management Console
- 1.Open a web browser and navigate to the AWS Management Console (console.aws.amazon.com).
- 2.Enter your AWS account credentials (username and password) to log in.
Step 2: Enable AWS Security Hub
- 1.Once you are logged in to the AWS Management Console, search for "Security Hub" in the AWS service search bar.
- 2.Click on "Security Hub" from the search results. This will open the Security Hub management console.
Step 3: Configure AWS Security Hub
- 1.In the Security Hub management console, click on the "Getting Started" button.
- 2.Review the Security Hub features and click on the "Enable Security Hub" button.
- 3.On the next page, choose the AWS region in which you want to enable Security Hub.
- 4.Leave the "Create a new master" option selected.
- 5.Click on the "Enable Security Hub" button.
Step 4: Wait for Security Hub Activation
- 1.It may take a few minutes for AWS Security Hub to be activated in your AWS account. During this process, AWS Security Hub will run various checks and configurations.
- 2.Wait for the activation process to complete. You can periodically refresh the Security Hub management console page to check for the activation status.
Step 5: Verify Security Hub Status
- 1.Once the activation is complete, you will see a message indicating that AWS Security Hub is now enabled for your AWS account.
- 2.Verify that Security Hub is enabled by navigating to the Security Hub console home page and ensure that the service is active.
Troubleshooting Steps
If you encounter any issues during the process, follow these troubleshooting steps:
- 1.Verify that you have the necessary permissions to enable Security Hub. You need to have sufficient IAM (Identity and Access Management) permissions to access and modify Security Hub settings.
- 2.Ensure that you are using an AWS account that is eligible for Security Hub activation. Some AWS accounts or regions may not support Security Hub.
- 3.Check if there are any ongoing service outages or maintenance activities on the AWS status page (status.aws.amazon.com). If there is a known issue affecting Security Hub, you may need to wait until it is resolved.
- 4.If you receive any error messages or encounter specific issues, search for those errors in the AWS support documentation or seek assistance from AWS support for further guidance.
Code
No code is required for this rule. The remediation steps provided above can be followed using the AWS Management Console.
Note: Make sure to monitor the Security Hub findings and take appropriate actions to address any identified security risks or compliance issues. This will help maintain the security posture of your AWS account and ensure ongoing compliance with FedRAMP Low Revision 4 requirements.