Rule: AWS Security Hub should be enabled for an AWS Account

This rule ensures that AWS Security Hub is enabled in the AWS account.

Rule: AWS Security Hub should be enabled for an AWS Account
Framework: Federal Financial Institutions Examination Council (FFIEC)
Severity: High

Rule Description

This rule enforces the requirement to enable AWS Security Hub for an AWS Account that belongs to the Federal Financial Institutions Examination Council (FFIEC). AWS Security Hub is a comprehensive security service that provides a unified view of your security and compliance posture across multiple AWS accounts. By enabling Security Hub, you can obtain insights into potential security risks and compliance issues within your AWS environment, leading to improved security posture and regulatory compliance for FFIEC.

Troubleshooting Steps

If you encounter any issues while enabling AWS Security Hub for FFIEC, follow these steps to troubleshoot:

  1. Verify AWS Account Eligibility: Ensure that the AWS Account is associated with a Federal Financial Institutions Examination Council (FFIEC) organization or entity. Only accounts belonging to FFIEC qualify for this rule.

  2. Check Permission: Make sure that you have the necessary permissions to enable AWS Security Hub. Verify that you have the SecurityHub:EnableSecurityHub permission in your AWS Identity and Access Management (IAM) policy.

  3. Review Existing Security Hub Configuration: If Security Hub has already been enabled, validate the existing configuration to ensure it aligns with FFIEC requirements. Ensure that all required standards (such as AWS Foundational Security Best Practices) are enabled and configured correctly.

  4. Check for Account Region: Confirm that your AWS Account is operating in a region where Security Hub is available. Security Hub is currently available in regions such as US East (N. Virginia), US West (Oregon), and EU (Ireland).

  5. Review Billing and Pricing: Understand the cost implications associated with enabling Security Hub, as it will incur charges. Refer to the AWS Security Hub Pricing documentation for details on the pricing structure.

Necessary Codes

There are no specific codes required to enable AWS Security Hub for FFIEC as it is a configuration action performed through the AWS Management Console or using AWS CLI commands.

Step by Step Guide for Remediation

Follow these steps to enable AWS Security Hub for an AWS Account in compliance with the Federal Financial Institutions Examination Council (FFIEC) requirements:

  1. Sign in to the AWS Management Console: Access the AWS Management Console using your AWS account credentials.

  2. Navigate to the Security Hub Service: Open the AWS Management Console and search for "Security Hub" in the services search bar. Click on the "Security Hub" service to open the Security Hub dashboard.

  3. Verify Region: Ensure that you are working in the correct AWS region. Choose the region where you want to enable Security Hub from the region selector in the navigation bar.

  4. Enable Security Hub: On the Security Hub dashboard, click on the "Enable Security Hub" button.

  5. Choose a Compliance Standard: Select the compliance standards that align with FFIEC requirements. Consider enabling standards such as AWS Foundational Security Best Practices.

  6. Configure Automatic Invitations: Enable automatic Security Hub invitations to automatically include all existing and future accounts within your AWS organization. This ensures comprehensive security coverage.

  7. Review and Enable Data Sources: Review the available data sources and enable the ones relevant to your environment. This step is essential for generating insights and alerts within Security Hub.

  8. Review Other Settings: Optionally, review and configure other settings such as insight notifications, custom actions, etc., based on your requirements.

  9. Enable Security Hub: Click on the "Enable Security Hub" button to enable AWS Security Hub for your AWS account.

  10. Verify Security Hub Status: After enabling, verify that the Security Hub status changes to "Enabled" in the Security Hub dashboard.

  11. Repeat for Other Regions (if applicable): If you have multiple AWS regions, repeat the above steps to enable Security Hub in each required region.

  12. Validate and Maintain Configuration: Regularly review the Security Hub dashboard to ensure that the required standards are compliant and resolve any identified issues or recommendations promptly.

By following these steps, you can successfully enable AWS Security Hub for an AWS Account that belongs to the Federal Financial Institutions Examination Council (FFIEC).
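The status check in steps 10 to 12 can also be run per region from the AWS CLI. The script below is an added example, not part of the original page or the vendor's tooling; the function names, the status labels and the REQUIRED_STANDARD variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report Security Hub status per region using the AWS CLI.
# REQUIRED_STANDARD (assumption): substring expected in an enabled standard's ARN.
REQUIRED_STANDARD="${REQUIRED_STANDARD:-aws-foundational-security-best-practices}"

# hub_status REGION
# Prints ENABLED, ENABLED_MISSING_STANDARD, NOT_ENABLED or ERROR.
hub_status() {
    hs_region="$1"
    # describe-hub fails when Security Hub is not enabled in this region;
    # any other failure (credentials, network) is reported as ERROR.
    if ! hs_out=$(aws securityhub describe-hub --region "$hs_region" \
            --query HubArn --output text 2>&1); then
        case "$hs_out" in
            *InvalidAccessException*|*ResourceNotFoundException*)
                echo NOT_ENABLED ;;
            *)  echo ERROR ;;
        esac
        return 0
    fi
    # Only standards whose subscription has reached READY count as enabled.
    if ! hs_std=$(aws securityhub get-enabled-standards --region "$hs_region" \
            --query "StandardsSubscriptions[?StandardsStatus=='READY'].StandardsArn" \
            --output text 2>/dev/null); then
        echo ERROR
        return 0
    fi
    case "$hs_std" in
        *"$REQUIRED_STANDARD"*) echo ENABLED ;;
        *)                      echo ENABLED_MISSING_STANDARD ;;
    esac
}

# audit_regions REGION...
# Prints "region<TAB>status"; returns 1 unless every region is ENABLED.
audit_regions() {
    ar_rc=0
    for ar_region in "$@"; do
        ar_status=$(hub_status "$ar_region")
        printf '%s\t%s\n' "$ar_region" "$ar_status"
        [ "$ar_status" = ENABLED ] || ar_rc=1
    done
    return "$ar_rc"
}

# Run only when regions are passed, e.g.: sh audit.sh us-east-1 us-west-2
if [ "$#" -gt 0 ]; then
    audit_regions "$@"
fi
```

The non-zero exit status makes the script usable as a scheduled check; the caller needs read permissions for the two Security Hub calls it makes.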
