Compliance - Amazon Security Hub
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).


Contains finding details that are specific to control-based findings. Only returned for findings generated from controls.



The enabled security standards in which a security control is currently enabled.

Type: Array of AssociatedStandard objects

Required: No


For a control, the industry or regulatory framework requirements that are related to the control. The check for that control is aligned with these requirements.

Array Members: Maximum number of 32 items.

Type: Array of strings

Pattern: .*\S.*

Required: No


The unique identifier of a control across standards. Values for this field typically consist of an Amazon Web Service and a number, such as APIGateway.5.

Type: String

Pattern: .*\S.*

Required: No


An object that includes security control parameter names and values.

Type: Array of SecurityControlParameter objects

Required: No


The result of a standards check.

The valid values for Status are as follows.

    • PASSED - Standards check passed for all evaluated resources.

    • WARNING - Some information is missing or this check is not supported for your configuration.

    • FAILED - Standards check failed for at least one evaluated resource.

    • NOT_AVAILABLE - Check could not be performed due to a service outage, API error, or because the result of the Amazon Config evaluation was NOT_APPLICABLE. If the Amazon Config evaluation result was NOT_APPLICABLE for a Security Hub control, Security Hub automatically archives the finding after 3 days.

Type: String


Required: No


For findings generated from controls, a list of reasons behind the value of Status. For the list of status reason codes and their meanings, see Standards-related information in the ASFF in the Amazon Security Hub User Guide.

Type: Array of StatusReason objects

Required: No

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: