Filtering and sorting the list of controls - Amazon Security Hub
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Filtering and sorting the list of controls

On the Controls page, you can see a list of your controls. You can filter and sort the list to focus on a specific subset of controls.

  • All enabled (controls that are enabled in at least one enabled standard)

  • Failed (controls with a Failed status)

  • Unknown (controls with an Unknown status)

  • Passed (controls with a Passed status)

  • Disabled (controls that are disabled in all standards)

  • No data (controls with no findings)

  • All (all controls, both enabled and disabled, and without regard to control status or findings count)

For more information about control status, see Compliance status and control status.

If you're using the integration with Amazon Organizations and are logged in to the Amazon Security Hub administrator account, the All enabled tab includes controls that are enabled in at least one member account. If you have set an aggregation Region, the All enabled tab includes controls that are enabled in at least one linked Region.

The Failed tab is displayed by default. On each tab, the controls are by default sorted by severity, from Critical to Low. You can also sort controls by control ID, compliance status, severity, or the number of failed checks. The search bar allows you to search for specific controls.

Tip

If you have automated workflows based on control findings, we recommend using the SecurityControlId or SecurityControlArn ASFF fields as filters, rather than Title or Description. The latter fields can change occasionally, whereas the control ID and ARN are static identifiers.

Choosing the option next to the control brings up a side panel which displays the standards in which the control is currently enabled. You can also see the standards in which the control is currently disabled. From this panel, you can disable a control by disabling it in all standards. For more information about enabling and disabling controls across standards, see Enabling and disabling controls in all standards. For administrator accounts, the information presented in the side panel reflects all member accounts.

On the Security Hub API, run ListSecurityControlDefinitions to get back a list of control IDs. Once you have the control IDs you are interested in, run BatchGetSecurityControls to get data about that subset of controls for the current Amazon Web Services account and Amazon Web Services Region.