Enable AWS Security Hub Rule
Ensure compliance by enabling AWS Security Hub for the AWS Account.
| Rule | AWS Security Hub should be enabled for an AWS Account |
| Framework | FedRAMP Moderate Revision 4 |
| Severity | ✔ High |
Enabling AWS Security Hub for FedRAMP Moderate Revision 4 Compliance
Description of the Rule
AWS Security Hub is a service that provides a comprehensive view of your security state within AWS. It collects and consolidates findings from the various AWS services you use, like Amazon GuardDuty, Amazon Inspector, and Amazon Macie, as well as from AWS Partner solutions. For organizations that require compliance with Federal Risk and Authorization Management Program (FedRAMP) Moderate Revision 4, enabling AWS Security Hub is a critical step. This program provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
FedRAMP Moderate Revision 4 compliance includes enhanced security controls and policies to protect sensitive federal information. By enabling AWS Security Hub and using its comprehensive suite of compliance checks, you can ensure that your AWS environment aligns with FedRAMP Moderate standards.
Troubleshooting Steps
If you encounter issues while enabling or configuring AWS Security Hub, follow these steps:
- 1.Verify Permissions: Ensure your IAM user has the necessary permissions to enable and configure Security Hub.
- 2.Region Support: AWS Security Hub must be enabled in each region where you want to monitor resources. Confirm that Security Hub is available and supported in your chosen region.
- 3.Service Health: Check the AWS Service Health Dashboard for any ongoing issues with AWS Security Hub that might be impacting its usage.
Necessary Codes
To enable AWS Security Hub using the AWS Command Line Interface (CLI), use the following command:
aws securityhub enable-security-hub --standards-subscription-arns arn:aws:securityhub:us-east-1::standards/fedramp-moderate/1.0.0
Replace
us-east-1Step by Step Guide for Remediation
Step 1: Enable AWS Security Hub
Using AWS CLI:
aws securityhub enable-security-hub
Step 2: Subscribe to FedRAMP Moderate Baseline Standards
aws securityhub batch-enable-standards --standards-subscription-requests StandardsArn=arn:aws:securityhub::*:standards/aws-foundational-security-best-practices/v/1.0.0
Step 3: Verify the Standards Subscription
aws securityhub get-enabled-standards --standards-subscription-arns arn:aws:securityhub::*:standards/aws-foundational-security-best-practices/v/1.0.0
Step 4: Continuous Monitoring and Compliance Checks
Configure AWS Security Hub to perform automatic compliance checks against the FedRAMP Moderate security controls. This is typically done from the AWS Security Hub console by selecting the standards and configuring custom or managed insights.
Step 5: Review Findings
Regularly review Security Hub findings to ensure ongoing compliance:
aws securityhub get-findings --filters '{"ComplianceStatus": [{"Value": "FAILED", "Comparison": "EQUALS"}]}'
By following these detailed steps and keeping AWS Security Hub enabled, your AWS account should remain aligned with FedRAMP Moderate Revision 4 compliance standards. Maintaining security and compliance within the AWS environment is crucial for protecting sensitive federal information and adhering to federal regulations.
For any commands not functioning as expected, verify your CLI version is up to date, the syntax is correct, and your user has necessary permissions. If issues persist, consult AWS documentation or the AWS support team for further assistance.