Enable AWS Security Hub Rule
Ensure the AWS Security Hub is enabled for better account security.
| Rule | AWS Security Hub should be enabled for an AWS Account |
| Framework | NIST 800-171 Revision 2 |
| Severity | ✔ High |
Rule Description
The rule requires AWS Security Hub to be enabled for an AWS account to ensure compliance with NIST 800-171 Revision 2 security controls. AWS Security Hub provides a comprehensive view of security alerts and compliance status, helping to identify potential vulnerabilities and monitor security posture.
Enabling AWS Security Hub allows the account to receive findings from various security services, such as Amazon GuardDuty, Amazon Macie, and AWS Config. It helps to centralize and streamline security-related information, allowing for efficient threat detection and incident response.
Troubleshooting Steps
If AWS Security Hub is not enabled for the AWS account, follow the troubleshooting steps below:
- 1.
Verify Account Permissions: Ensure that you have the necessary permissions to enable AWS Security Hub. Check if you have the appropriate IAM policies and roles assigned to your account.
- 2.
Check Service Availability: Verify if AWS Security Hub is available in the region where your AWS account is located. Some AWS services may have limited regional availability, so make sure Security Hub is supported in your desired region.
- 3.
Account Ownership: Ensure that you are the owner of the AWS account or have sufficient administrative access. Only the root account or an IAM user with administrative privileges can enable Security Hub.
- 4.
Security Hub Limitations: Check for any account-level limitations that may prevent enabling AWS Security Hub. For example, AWS accounts created before a specific date may require you to enable the service manually.
Necessary Code
If you prefer to enable AWS Security Hub via AWS Command Line Interface (CLI), you can use the following code:
aws securityhub create-members --account-details '{"AccountId": "<Member_Account_ID>", "Email": "<Member_Account_Email>"}'
Replace
<Member_Account_ID><Member_Account_Email>Remediation Steps
To enable AWS Security Hub for an AWS account, follow the step-by-step guide below:
- 1.
Step 1: Sign in to the AWS Management Console: Open the URL of the AWS Management Console (https://console.aws.amazon.com) and sign in using your root account or an IAM user with administrative privileges.
- 2.
Step 2: Open Security Hub: In the AWS Management Console, use the search bar at the top of the page to find "Security Hub" or locate it under the "Security, Identity & Compliance" section.
- 3.
Step 3: Enable Security Hub: Once you are on the Security Hub dashboard, click on "Enable Security Hub" to initiate the setup process.
- 4.
Step 4: Configure Settings: Review the default configuration settings and make any necessary adjustments according to your requirements. You can choose the automatic enabling of security standards or manually configure them later.
- 5.
Step 5: Apply Changes: Click on "Enable Security Hub" to apply the changes and enable AWS Security Hub for your AWS account.
- 6.
Step 6: Verify Security Hub Enabled: After a few minutes, Security Hub should be enabled for your account. You can verify its status by returning to the Security Hub dashboard and confirming the "Enabled" status.
- 7.
Step 7: Monitor Findings: Once Security Hub is enabled, you can start monitoring security findings generated by various AWS security services. Set up automated responses or investigate findings manually based on your specific requirements.
By following these steps, you can enable AWS Security Hub and begin leveraging its capabilities to enhance your security posture and align with NIST 800-171 Revision 2 requirements.