Enable AWS Security Hub for an AWS Account rule

This rule pertains to enabling AWS Security Hub for an AWS Account to ensure high security standards.

Rule: AWS Security Hub should be enabled for an AWS Account
Framework: NIST 800-53 Revision 5
Severity: High

AWS Security Hub and NIST 800-53 Revision 5 Compliance

AWS Security Hub provides a comprehensive view of your security state within AWS and helps you check your environment against security industry standards and best practices. NIST 800-53 Revision 5 provides a catalog of security controls for all U.S. federal information systems except those related to national security. Enabling AWS Security Hub is a vital step in aligning with NIST 800-53's recommendations.

Enabling AWS Security Hub

Steps for Enabling AWS Security Hub:

  1. Log in to AWS Management Console: Access the AWS Management Console and log in using an account that has the necessary permissions to enable Security Hub.

  2. Navigate to Security Hub: Under the “Services” menu, locate and click on “Security Hub.”

  3. Enable Security Hub: Click on “Enable Security Hub” or “Go to Security Hub” if you’ve visited it before.

  4. Initial Configuration: Follow the on-screen instructions to configure your initial settings, including selecting the AWS regions where you want Security Hub to be active and choosing the standards to enable.

  5. Enable Standards: Within the Security Hub dashboard, navigate to the "Standards" section and find the “AWS Foundational Security Best Practices” standard. Enable it to get insights aligned with NIST 800-53 security controls.

  6. Confirm Activation: After a few minutes, AWS Security Hub will be activated and start aggregating and analyzing data from AWS services, such as Amazon GuardDuty, Amazon Inspector, AWS IAM Access Analyzer, and Amazon Macie.

Automation with AWS CLI:

To enable Security Hub and configure it in an automated way using AWS Command Line Interface (AWS CLI), follow the steps below:

  1. Install AWS CLI: Make sure AWS CLI is installed and configured on your machine.

  2. Enable Security Hub:

    aws securityhub enable-security-hub --region your-region

  3. Enable Standards:

    aws securityhub batch-enable-standards --region your-region --standards-subscription-requests StandardsArn=arn:aws:securityhub:your-region::standards/aws-foundational-security-best-practices/v/1.0.0

Replace your-region with the specific AWS region you’re working in. To get a list of all standards and their ARNs, use the following command:

    aws securityhub describe-standards --region your-region
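
The CLI steps above combined into one idempotent script, as an added example that is not part of the original page: for each region it checks whether Security Hub is already enabled, enables it and the AWS Foundational Security Best Practices standard only where missing, and reports the subscription status. The function names and the script name are hypothetical; the aws securityhub subcommands and flags are those of the AWS CLI.

```shell
#!/bin/sh
# Added example (not from the original page): idempotently enable Security Hub
# and the FSBP standard in each region given as an argument, then report status.
# Function names are hypothetical; the aws subcommands and flags are real.

# Standard ARNs are region-specific, so build one per region.
fsbp_arn() {
  printf 'arn:aws:securityhub:%s::standards/aws-foundational-security-best-practices/v/1.0.0' "$1"
}

# describe-hub exits non-zero when Security Hub is not enabled in the region
# (it also fails on missing permissions; the enable call then surfaces that).
hub_enabled() {
  aws securityhub describe-hub --region "$1" >/dev/null 2>&1
}

# Prints READY, PENDING, FAILED, ... or "None" when FSBP is not subscribed.
fsbp_status() {
  aws securityhub get-enabled-standards --region "$1" --output text \
    --query "StandardsSubscriptions[?StandardsArn=='$(fsbp_arn "$1")'].StandardsStatus | [0]"
}

# Prints "<region> <status>"; returns non-zero if a call fails or the
# subscription is in a state that needs manual review.
ensure_region() {
  er_region=$1
  if ! hub_enabled "$er_region"; then
    # Skip default standards so that only the standard named here is enabled.
    aws securityhub enable-security-hub --region "$er_region" \
      --no-enable-default-standards >/dev/null || return 1
  fi
  er_status=$(fsbp_status "$er_region") || return 1
  case "$er_status" in
    READY|PENDING) ;;
    None)
      aws securityhub batch-enable-standards --region "$er_region" \
        --standards-subscription-requests "StandardsArn=$(fsbp_arn "$er_region")" \
        >/dev/null || return 1
      er_status=PENDING ;;
    *) echo "$er_region $er_status"; return 2 ;;
  esac
  echo "$er_region $er_status"
}

# Usage: sh ensure-securityhub.sh us-east-1 eu-west-1
for region in "$@"; do
  ensure_region "$region" || exit 1
done
```

A PENDING result means the subscription was accepted and is still being set up; run the script again after a few minutes to confirm it reports READY.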

Troubleshooting AWS Security Hub Activation

If you encounter any issues while enabling AWS Security Hub, consider the following troubleshooting steps:

  1. Check Permissions: Ensure the AWS IAM user or role has sufficient permissions to enable Security Hub and configure standards.

  2. Verify Regions: Confirm that AWS Security Hub is supported in the regions where you’re trying to enable it. Also, ensure that your CLI configurations or API calls are set to the correct region.

  3. Check Service Limits: Be aware of the AWS Security Hub service limits and ensure you are within them.

  4. Audit API Calls: Use AWS CloudTrail to audit API calls and track down errors or failed attempts related to Security Hub.

  5. Consult AWS Documentation: Review the AWS Security Hub documentation for more detailed instructions and troubleshooting guides.

Remediation Steps

In case standards are not enabled or properly configured for AWS Security Hub:

  1. Revisit the AWS Management Console and ensure you've properly enabled the necessary NIST 800-53 aligned standards.
  2. Review the configuration settings for each standard and modify them if needed.
  3. Use the AWS CLI to re-run the enablement commands, ensuring you're using the right ARN for the standards.

For a successful and efficient alignment with NIST 800-53 recommendations, regularly monitor AWS Security Hub findings, address security issues, and adjust configurations as necessary. Remember, maintaining compliance is a continuous process of monitoring, remediating, and improving your security posture.
