Viewing details for a control
For each Amazon Security Hub control, you can display a page of useful details.
The top of the control details page provides an overview of the control, including:
- Enablement status – The top of the page tells you whether the control is enabled for at least one standard in at least one member account. If you have set an aggregation Region, the control is enabled if it is enabled for at least one standard in at least one Region. If the control is disabled, you can enable it from this page. If the control is enabled, you can disable it from this page. For more information, see Enabling and disabling controls in all standards.
- Control status – This status summarizes the performance of a control based on the compliance status of the control findings. Security Hub typically generates the initial control status within 30 minutes after your first visit to the Summary page or Security standards page on the Security Hub console. Statuses are only available for controls that are enabled when you visit those pages. Use the UpdateStandardsControl API operation to enable or disable a control. In addition, Amazon Config resource recording must be configured for the control status to appear. After control statuses are generated for the first time, Security Hub updates the control status every 24 hours based on the findings from the previous 24 hours. On the standard details page and the control details page, Security Hub displays a timestamp to indicate when the status was last updated. Administrator accounts see an aggregated control status across the administrator account and member accounts. If you have set an aggregation Region, the control status includes findings across all linked Regions. For more information about control status, see Compliance status and control status.
Note
It can take up to 24 hours after enabling a control for first-time control statuses to be generated in the China Regions and Amazon GovCloud (US) Region.
The Standards and Requirements tab lists the standards that a control can be enabled for and the requirements related to the control from different compliance frameworks.
The bottom of the details page contains information about the active findings for the control. Control findings are generated by security checks against the control. The control finding list does not include archived findings.
The finding list uses tabs that display different subsets of the list. On most of the tabs, the finding list shows findings that have a workflow status of NEW, NOTIFIED, or RESOLVED. A separate tab displays SUPPRESSED findings.
For each finding, the list provides access to finding details such as the compliance status and related resource. You can also set the workflow status of each finding and send findings to custom actions. For more information, see Viewing and taking action on control findings.
Viewing details for a control
Choose your preferred access method, and follow these steps to view details for a control. Details apply to the current account and Region and include the following:
- Title and description of the control
- Link to remediation instructions for failed control findings
- Severity of the control
- Enablement status of the control
- (On the console) A list of recent findings for the control. When using the Security Hub API or Amazon CLI, use GetFindings to retrieve control findings.
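The following Python sketch is an added example, not code from the Security Hub documentation. It builds GetFindings filters that mirror the console's control finding list (active findings only, with SUPPRESSED findings kept separate) and pages through the results. The function names and the sample control ID are hypothetical, and `client` is assumed to be a boto3 `securityhub` client.

```python
from collections import Counter

# Workflow statuses shown on most finding-list tabs; SUPPRESSED has its own tab.
MAIN_TAB_WORKFLOW = ("NEW", "NOTIFIED", "RESOLVED")


def control_finding_filters(control_id, suppressed=False):
    """Build GetFindings filters for one control's active findings."""
    statuses = ("SUPPRESSED",) if suppressed else MAIN_TAB_WORKFLOW
    return {
        "ComplianceSecurityControlId": [{"Value": control_id, "Comparison": "EQUALS"}],
        # The control finding list does not include archived findings.
        "RecordState": [{"Value": "ACTIVE", "Comparison": "EQUALS"}],
        # Several values for one attribute are combined with OR.
        "WorkflowStatus": [{"Value": s, "Comparison": "EQUALS"} for s in statuses],
    }


def get_control_findings(client, control_id, suppressed=False):
    """Follow NextToken until every matching finding has been collected."""
    kwargs = {"Filters": control_finding_filters(control_id, suppressed),
              "MaxResults": 100}
    findings = []
    while True:
        page = client.get_findings(**kwargs)
        findings.extend(page.get("Findings", []))
        token = page.get("NextToken")
        if not token:
            return findings
        kwargs["NextToken"] = token


def summarize(findings):
    """Count findings by (compliance status, workflow status)."""
    return Counter(
        (f.get("Compliance", {}).get("Status", "UNKNOWN"),
         f.get("Workflow", {}).get("Status", "UNKNOWN"))
        for f in findings
    )


# Usage (requires boto3 and credentials; "S3.1" is a sample control ID):
#   import boto3
#   client = boto3.client("securityhub")
#   print(summarize(get_control_findings(client, "S3.1")))
```

The results cover the account and Region the client is configured for, matching the scope described above.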