Central configuration in the context of a standard or control - Amazon Security Hub
Configuring a security standard in contextConfiguring a security control in context
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Central configuration in the context of a standard or control

You can use central configuration from the Configuration page of the Amazon Security Hub console, or in the context of a specific security standard or security control. Using this feature in context lets you configure standards and controls across your organization in a way that's integrated with existing workflows. In addition, as you view findings, you can discover which standards and controls are most relevant to your environment and configure them at the same time.

In-context configuration is available only on the Security Hub console. Programmatically, you must invoke the UpdateConfigurationPolicy API to change how specific standards or controls are configured in your organization.

Configuring a security standard in context

Follow the steps to configure a security standard in context through central configuration.

To configure a security standard in context (console only)

  1. Open the Amazon Security Hub console at https://console.amazonaws.cn/securityhub/.

    Sign in using the credentials of the Security Hub delegated administrator account in the home Region.

  2. In the navigation pane, choose Security standards.

  3. For the standard you want to configure, choose Configure. You can also choose a specific standard and then choose Configure from the standard details page. The console lists your existing Security Hub configuration policies (configuration policies) and the status of this standard in each one.

  4. Choose the options to enable or disable the standard in each configuration policy.

  5. After making your changes, choose Next.

  6. Review your changes, and choose Apply. This action affects all accounts and OUs that are associated with a configuration policy. Your configuration takes effect in the home Region and all linked Regions.

Configuring a security control in context

Follow the steps to configure a security control in context through central configuration.

To configure a security control in context (console only)

  1. Open the Amazon Security Hub console at https://console.amazonaws.cn/securityhub/.

    Sign in using the credentials of the Security Hub delegated administrator account in the home Region.

  2. In the navigation pane, choose Controls.

  3. Choose a specific control, and then choose Configure. The console lists your current configuration policies and the status of this control in each one.

  4. Choose the options to enable or disable the control in each configuration policy. You can also choose to customize control parameters.

  5. After making your changes, choose Next.

  6. Review your changes, and choose Apply. This action affects all accounts and OUs that are associated with a configuration policy. Your configuration takes effect in the home Region and all linked Regions.