Rule: AWS Security Hub should be enabled for an AWS Account
This rule focuses on enabling AWS Security Hub for better account security.
| Rule | AWS Security Hub should be enabled for an AWS Account |
| Framework | SOC 2 |
| Severity | ✔ High |
Rule Description:
AWS Security Hub should be enabled for an AWS Account to ensure compliance with the SOC 2 security framework. SOC 2 (System and Organization Controls 2) is an auditing standard designed for service providers that store customer data in the cloud. By enabling AWS Security Hub, the account owner can gain better visibility and insights into the security and compliance posture of their cloud environment.
Troubleshooting Steps:
- 1.
Verify Current AWS Security Hub Status: Check if AWS Security Hub is already enabled for the AWS account by logging into the AWS Management Console and navigating to the Security Hub service. If Security Hub is already enabled, proceed to the next step. Otherwise, continue with the following steps.
- 2.
Security Hub Prerequisites: Ensure that the AWS account meets the prerequisites for enabling Security Hub. These prerequisites include:
- AWS Identity and Access Management (IAM) user with administrative permissions.
- The AWS account must not be a member of AWS Organizations, as Security Hub is currently not supported for organizations.
- 3.
Enable Security Hub: To enable Security Hub for the AWS account, follow these steps:
- Open the AWS Management Console and navigate to the Security Hub service.
- Click on the "Enable Security Hub" button.
- Choose the AWS account for which you want to enable Security Hub.
- Click on the "Enable Security Hub" button to confirm.
- 4.
Verify Security Hub Status: After enabling Security Hub, wait for a few minutes for the service to initialize. Then, revisit the Security Hub service in the AWS Management Console and ensure that the status is displayed as "Enabled" for the AWS account.
Necessary Codes:
No specific codes are required to enable AWS Security Hub. The steps mentioned above can be performed through the AWS Management Console graphical interface.
Step-by-Step Guide for Remediation:
- 1.Log into the AWS Management Console using the IAM user with administrative permissions.
- 2.Navigate to the AWS Security Hub service.
- 3.If Security Hub is already enabled for the AWS account, proceed to step 5. Otherwise, continue to step 4.
- 4.Click on the "Enable Security Hub" button.
- 5.Choose the AWS account for which you want to enable Security Hub.
- 6.Click on the "Enable Security Hub" button to confirm.
- 7.Wait for a few minutes for Security Hub to initialize and display the status as "Enabled" for the AWS account.
- 8.Verify the Security Hub status by revisiting the Security Hub service in the AWS Management Console.
Following these steps will enable AWS Security Hub for the AWS account, ensuring compliance with the SOC 2 security framework. Regularly monitor Security Hub to gain insights into the security and compliance posture of your cloud environment.