This rule ensures AWS Security Hub is enabled for AWS Accounts to maintain high security standards.
Rule | AWS Security Hub should be enabled for an AWS Account |
Framework | NIST 800-171 Revision 2 |
Severity | ✔ High |
Rule Description:
This rule ensures that AWS Security Hub is enabled for an AWS account and configured to comply with the NIST 800-171 Revision 2 security framework. Enabling Security Hub provides a centralized view of security findings across multiple AWS accounts and services, allowing for continuous monitoring and improved security posture.
Remediation Steps:
To remediate this rule, follow the steps below:
Step 1: Log in to the AWS Management Console
Access the AWS Management Console using your AWS account credentials.
Step 2: Open the Security Hub service
Navigate to the Security Hub service by searching for "Security Hub" in the AWS Management Console search bar and selecting it from the results.
Step 3: Enable Security Hub
Click on the "Enable Security Hub" button to enable Security Hub for your AWS account.
Step 4: Configure Security Hub with NIST 800-171 Revision 2
Once Security Hub is enabled, you need to configure it to comply with the NIST 800-171 Revision 2 security framework. Follow these steps:
4.1: Click on the "Settings" tab in the Security Hub console.
4.2: Under the "Standards" section, click on the "Manage standards" button.
4.3: In the "Compliance standards" page, click on the "Add standards" button.
4.4: Search for "NIST 800-171" in the search bar and select it from the results.
4.5: Click on the "Add standards" button to add NIST 800-171 to your Security Hub configuration.
Step 5: Review and remediate findings
After enabling and configuring Security Hub with NIST 800-171 Revision 2, Security Hub starts analyzing and aggregating security findings from various AWS services and sending them to the console. Follow these steps to review and remediate findings:
5.1: In the Security Hub console, navigate to the "Findings" tab.
5.2: Review the list of findings identified by Security Hub.
5.3: For each finding, click on it to view additional details and recommended remediation actions.
5.4: Remediate the findings by following the recommended actions provided by Security Hub.
Troubleshooting Steps:
If you encounter any issues while enabling or configuring Security Hub, refer to the troubleshooting steps below:
Issue: Unable to find Security Hub in the AWS Management Console
Solution: Ensure that you have the necessary permissions to access the Security Hub service. Contact your AWS account administrator if needed.
Issue: "Enable Security Hub" button is disabled
Solution: Check if Security Hub is already enabled for your AWS account. If it is already enabled, you do not need to perform this step.
Issue: Unable to add NIST 800-171 Revision 2 as a compliance standard
Solution: Ensure that you have the necessary permissions to modify Security Hub settings and add compliance standards. Contact your AWS account administrator if needed.
Issue: Security Hub is not detecting or generating findings
Solution: Ensure that AWS services and resources are properly configured and monitored. Check if appropriate IAM roles and permissions are assigned to Security Hub for accessing relevant services.
AWS CLI Commands:
If you prefer the AWS CLI to the AWS Management Console, the following commands can be used:
aws securityhub enable-security-hub
aws securityhub batch-enable-standards --standards-subscription-requests StandardsArn=<StandardsArn>
aws securityhub update-standards-control --standards-control-arn <StandardsControlArn> --control-status <ControlStatus>
Make sure to replace <StandardsArn> with the ARN of the NIST 800-171 standard (aws securityhub describe-standards lists the standards available in your region), <StandardsControlArn> with the ARN of the individual control you want to change, and <ControlStatus> with the desired control status (e.g., "ENABLED").
Please note that AWS CLI commands require proper configuration and credentials to be set up beforehand.
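To confirm the outcome of the steps above without the console, the following added example (not part of the original rule text) evaluates the rule from the Security Hub DescribeHub and GetEnabledStandards responses. The function names, the result labels and the "800-171" substring used to recognise the standard's ARN are assumptions of this example.

```python
"""Added example: evaluate the "Security Hub enabled + NIST 800-171" rule."""

def evaluate(hub, subscriptions, marker="800-171"):
    """Return (status, detail) from Security Hub API responses.

    hub           -- DescribeHub response, or None if the account is not subscribed
    subscriptions -- StandardsSubscriptions entries from GetEnabledStandards
    marker        -- assumption: substring identifying the standard in StandardsArn
    """
    if hub is None:
        return ("NON_COMPLIANT", "Security Hub is not enabled in this region")
    wanted = [s for s in subscriptions if marker in s["StandardsArn"]]
    if not wanted:
        return ("NON_COMPLIANT", "NIST 800-171 standard is not enabled")
    status = wanted[0]["StandardsStatus"]
    if status != "READY":  # PENDING, FAILED, DELETING or INCOMPLETE
        return ("NOT_READY", "standard subscription status is " + status)
    return ("COMPLIANT", hub["HubArn"])


def check_region(region):
    """Query one region with boto3 (needs credentials) and evaluate it."""
    import boto3  # imported here so evaluate() works without the SDK
    from botocore.exceptions import ClientError

    client = boto3.client("securityhub", region_name=region)
    try:
        hub = client.describe_hub()
    except ClientError as err:
        # Raised when the account has not enabled Security Hub in this region.
        if err.response["Error"]["Code"] in ("InvalidAccessException",
                                             "ResourceNotFoundException"):
            return evaluate(None, [])
        raise
    subs = []
    for page in client.get_paginator("get_enabled_standards").paginate():
        subs.extend(page["StandardsSubscriptions"])
    return evaluate(hub, subs)


if __name__ == "__main__":
    import sys
    for region in sys.argv[1:]:
        print(region, *check_region(region))
```

Security Hub is enabled per region, so pass every region the account uses on the command line; a region that reports NOT_READY should be rechecked once the standard finishes initializing.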
Following these steps and utilizing the provided commands will enable AWS Security Hub for your AWS account and align it with the NIST 800-171 Revision 2 security framework, ultimately enhancing your overall security posture.