This rule ensures that AWS Security Hub is activated for improved account security.
Rule | AWS Security Hub should be enabled for an AWS Account |
Framework | NIST 800-171 Revision 2 |
Severity | ✔ High |
Rule Description
AWS Security Hub centrally collects and prioritizes security findings across your AWS accounts and runs automated, continuous checks against supported security standards, including NIST SP 800-53 Revision 5 and NIST SP 800-171 Revision 2. Enabling Security Hub is the prerequisite for those checks, but it is not sufficient on its own: the NIST SP 800-171 Revision 2 standard is not enabled by default and must be selected explicitly, and the controls are evaluated through AWS Config, so Config recording must be turned on in each region where Security Hub runs. With all three in place, the account's resources are continuously evaluated against NIST 800-171 Revision 2 controls and the results appear as Security Hub findings.
Troubleshooting Steps (if applicable)
Verify Permissions: Ensure that the principal enabling Security Hub has the securityhub:EnableSecurityHub and iam:CreateServiceLinkedRole permissions; Security Hub creates its service-linked role, AWSServiceRoleForSecurityHub, the first time it is enabled.
Check Account Status: Security Hub is a regional service, so check every region in use. If it is already enabled, verify that the NIST SP 800-171 Revision 2 standard is among the enabled standards and that its status is READY.
Review AWS Config: Confirm that an AWS Config configuration recorder is running in the region. Security Hub controls are evaluated through Config rules, and without a recorder the controls report no data. The service-linked role AWSServiceRoleForSecurityHub is created automatically and needs no manual configuration.
Necessary Codes (if applicable)
Enabling Security Hub requires no custom code. The AWS CLI can perform the same steps as the console (the securityhub enable-security-hub, describe-standards, batch-enable-standards and get-enabled-standards subcommands), and IAM commands may be needed to grant the permissions described above.
Step-by-Step Guide for Remediation
Log in to the AWS Management Console with credentials that carry the permissions listed above, and switch to the region you want to monitor.
Open the AWS Security Hub service from the console.
If Security Hub is not yet enabled, the console shows the Enable Security Hub page; if it is already enabled, open Settings and review the enabled standards instead.
Under Security standards, select NIST Special Publication 800-171 Revision 2 in addition to the standards enabled by default; it is not selected by default.
Review the account details shown and choose Enable Security Hub.
Confirm that AWS Config is recording resources in the region. Security Hub creates the Config rules behind each control, and the checks produce no findings until Config is recording.
Once enabled, Security Hub aggregates findings from integrated AWS services and evaluates resources against the controls of every enabled standard, including NIST 800-171 Revision 2; the first results appear after the Config rules have run.
Monitor the Security Hub Summary and Security standards pages for findings and for the security score of each enabled standard.
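The procedure above, as an added POSIX shell example (not part of the original page and not an AWS-provided script) that performs each step with the AWS CLI and remediates what is missing: it enables Security Hub when describe-hub fails, warns when no AWS Config recorder exists, and subscribes the NIST SP 800-171 Rev 2 standard when it is not yet enabled. It assumes AWS CLI v2 configured with credentials carrying the Security Hub and Config permissions discussed above; the region default, the helper names, and the sample CLI output used by the offline demo are the example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the original page or AWS): check and remediate
# "Security Hub enabled with the NIST SP 800-171 Rev 2 standard" via the AWS CLI.
# Assumptions: AWS CLI v2 is configured with credentials that allow
# securityhub:* and config:DescribeConfigurationRecorders; the region comes from
# AWS_REGION (the us-east-1 default is this script's own choice).
set -eu

REGION="${AWS_REGION:-us-east-1}"

# --- pure helpers (no AWS calls), so the decision logic can be exercised offline ---

# Select the NIST SP 800-171 standard ARN from the whitespace-separated text printed by
#   aws securityhub describe-standards --query 'Standards[].StandardsArn' --output text
nist_800_171_arn() {
  printf '%s\n' "$1" | tr '\t ' '\n\n' \
    | grep '^arn:aws:securityhub:[^:]*::standards/nist-800-171/v/' | head -n 1
}

# Status of one standard subscription (READY, PENDING, FAILED, ...) from the output of
#   aws securityhub get-enabled-standards \
#     --query 'StandardsSubscriptions[].[StandardsArn,StandardsStatus]' --output text
# which is one "<StandardsArn><TAB><StandardsStatus>" line per enabled standard.
# Prints nothing when the standard is not enabled at all.
standard_status() {
  printf '%s\n' "$1" | awk -v arn="$2" '$1 == arn { print $2 }'
}

# Rule verdict: the account passes only if the standard is subscribed AND ready.
verdict() {
  case "${1:-}" in
    READY) echo PASS ;;
    "")    echo FAIL_NOT_ENABLED ;;
    *)     echo "FAIL_$1" ;;
  esac
}

# --- live flow against the account (only when invoked as: sh script.sh --apply) ---
apply() {
  # 1. describe-hub fails with InvalidAccessException while Security Hub is off.
  if aws securityhub describe-hub --region "$REGION" >/dev/null 2>&1; then
    echo "Security Hub already enabled in $REGION"
  else
    echo "Enabling Security Hub in $REGION"
    aws securityhub enable-security-hub --region "$REGION" >/dev/null
  fi

  # 2. Controls are evaluated through AWS Config; without a recorder they never produce data.
  recorders=$(aws configservice describe-configuration-recorders --region "$REGION" \
    --query 'ConfigurationRecorders[].name' --output text)
  [ -n "$recorders" ] && [ "$recorders" != "None" ] \
    || echo "WARNING: no AWS Config recorder in $REGION; enable Config or no control will evaluate" >&2

  # 3. NIST SP 800-171 Rev 2 is not a default standard: look up its ARN and subscribe if needed.
  all_arns=$(aws securityhub describe-standards --region "$REGION" \
    --query 'Standards[].StandardsArn' --output text)
  nist=$(nist_800_171_arn "$all_arns")
  [ -n "$nist" ] || { echo "NIST SP 800-171 standard is not offered in $REGION" >&2; exit 1; }

  subs=$(aws securityhub get-enabled-standards --region "$REGION" \
    --query 'StandardsSubscriptions[].[StandardsArn,StandardsStatus]' --output text)
  status=$(standard_status "$subs" "$nist")
  if [ -z "$status" ]; then
    echo "Enabling $nist"
    aws securityhub batch-enable-standards --region "$REGION" \
      --standards-subscription-requests "StandardsArn=$nist" >/dev/null
    status=PENDING   # becomes READY once Security Hub has created the Config rules
  fi
  echo "NIST SP 800-171 Rev 2 verdict: $(verdict "$status")"
}

# --- offline demo on constructed CLI output (not captured from a real account) ---
SAMPLE_STANDARDS='arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0 arn:aws:securityhub:us-east-1::standards/nist-800-171/v/2.0.0'
SAMPLE_SUBSCRIPTIONS=$(printf '%s\t%s\n' \
  'arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0' READY)

demo() {
  nist=$(nist_800_171_arn "$SAMPLE_STANDARDS")
  # Hub is on but only the default standard is subscribed, so the rule fails.
  verdict "$(standard_status "$SAMPLE_SUBSCRIPTIONS" "$nist")"
}

if [ "${1:-}" = "--apply" ]; then apply; else demo; fi
```

Run it without arguments to see the verdict on the constructed sample, and with `--apply` against a configured profile to check and remediate the current region. The helpers parse the CLI's text output rather than JSON so the script needs neither jq nor Python; the PENDING verdict after subscribing is expected, since the standard becomes READY only after Security Hub has created its Config rules.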
Troubleshooting or Managing IAM Roles
If Security Hub cannot be enabled, or users cannot see its findings or standards, the cause is usually a missing IAM permission rather than a missing role. Follow these steps:
Open the AWS IAM service from the console.
Review the AWS managed policies for Security Hub: AWSSecurityHubReadOnlyAccess for viewing findings and AWSSecurityHubFullAccess for enabling the service and managing standards. These are policies, not roles; attach them to the users, groups or roles that operate Security Hub.
Check that the policies are attached to the intended users, groups or roles, and that the principal enabling Security Hub also holds iam:CreateServiceLinkedRole.
Confirm that the service-linked role AWSServiceRoleForSecurityHub exists. It is created automatically when Security Hub is enabled and should not be replaced by a hand-built role; if policy attachments are missing, follow the AWS documentation to attach them.
AWS CLI Commands (optional)
If you prefer using the AWS CLI for troubleshooting or managing IAM roles, here are some example commands:
List IAM roles:
aws iam list-roles
Describe an IAM role:
aws iam get-role --role-name <role-name>
Create an IAM role:
aws iam create-role --role-name <role-name> --assume-role-policy-document file://assume-role-policy.json --description <description>
Note: Replace <role-name> and <description> with appropriate values. Follow the AWS CLI documentation for more details on specific commands.
By enabling AWS Security Hub with the NIST SP 800-171 Revision 2 standard turned on, and with AWS Config recording in place, you obtain continuous evidence of the account's compliance posture against those controls and a single place to triage the resulting findings.