AI Security Best Practices standard in Security Hub CSPM - Amazon Security Hub
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AI Security Best Practices standard in Security Hub CSPM

The AI Security Best Practices standard is a set of automated security checks that detect when deployed AI resources do not align with security best practices. Developed by Amazon security experts, this standard provides a curated set of controls that help you identify areas where your AI workloads deviate from recommended security configurations.

In Amazon Security Hub CSPM, the AI Security Best Practices standard includes controls that continuously evaluate your resources. The controls cover security domains including but not limited to network isolation, encryption at rest and in transit, VPC placement, Amazon KMS key usage, and private registry requirements. Each control is assigned a category that reflects the security function that the control applies to. For a list of categories and additional details, see Control categories in Security Hub CSPM.

The AI Security Best Practices standard has the following Amazon Resource Name (ARN): arn:aws-cn:securityhub:region::standards/ai-security-best-practices/v/1.0.0, where region is the Region code for the applicable Amazon Web Services Region. You can also use the GetEnabledStandards operation of the Security Hub CSPM API to retrieve the ARN of a standard that's currently enabled.
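One way to check, from GetEnabledStandards output, whether this standard is enabled in a Region and what state it is in. This is an added example, not code from the AWS documentation. The function names and the StubClient (a constructed stand-in for boto3.client("securityhub") with constructed sample responses) are assumptions for illustration.

```python
import re

# ARN layout given on this page; partition and Region vary, the resource part is fixed.
AI_STANDARD_ARN = re.compile(
    r"^arn:(?P<partition>[a-z-]+):securityhub:(?P<region>[a-z0-9-]+)::"
    r"standards/ai-security-best-practices/v/(?P<version>[0-9.]+)$"
)


def enabled_subscriptions(client):
    """Collect every subscription from GetEnabledStandards, following NextToken."""
    subs, token = [], None
    while True:
        page = client.get_enabled_standards(**({"NextToken": token} if token else {}))
        subs.extend(page.get("StandardsSubscriptions", []))
        token = page.get("NextToken")
        if not token:
            return subs


def find_ai_standard(subs):
    """Return ARN details and status of the AI standard, or None if it is not enabled."""
    for sub in subs:
        m = AI_STANDARD_ARN.match(sub.get("StandardsArn", ""))
        if m:
            return {"arn": m.group(0), **m.groupdict(), "status": sub.get("StandardsStatus")}
    return None


class StubClient:
    """Constructed stand-in for boto3.client("securityhub"); serves two sample pages."""
    PAGES = {
        None: {"StandardsSubscriptions": [{
            "StandardsArn": "arn:aws-cn:securityhub:cn-north-1::standards/aws-foundational-security-best-practices/v/1.0.0",
            "StandardsStatus": "READY"}], "NextToken": "page2"},
        "page2": {"StandardsSubscriptions": [{
            "StandardsArn": "arn:aws-cn:securityhub:cn-north-1::standards/ai-security-best-practices/v/1.0.0",
            "StandardsStatus": "PENDING"}]},
    }

    def get_enabled_standards(self, NextToken=None):
        return self.PAGES[NextToken]


if __name__ == "__main__":
    found = find_ai_standard(enabled_subscriptions(StubClient()))
    # Print the match with its StandardsStatus, or report that it is absent.
    print(found or "AI Security Best Practices standard is not enabled in this Region")
```

To run it against a real account, pass a boto3 Security Hub client for the Region in question instead of StubClient.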

Controls that apply to the standard

The following list specifies which Amazon Security Hub CSPM controls apply to the AI Security Best Practices standard (v1.0.0). To review the details of a control, choose the control.