NIST Special Publication 800-53 Revision 5


Hi Team,

I have enabled the "NIST Special Publication 800-53 Revision 5" standard in Security Hub and it has covered the majority of the service controls.

But some service controls are not covered by Security Hub; I just want to know how to remediate/set them in the AWS account.

Please provide remediation steps to fix the service controls below:

  1. Service control ID: AC-10

     Service Control Title: CONCURRENT SESSION CONTROL. Control: Limit the number of concurrent sessions for each [Assignment: organization-defined account and/or account type] to [Assignment: organization-defined number].

  2. Service control ID: AC-12

     Service Control Title: Control: Automatically terminate a user session after [Assignment: organization-defined conditions or trigger events requiring session disconnect].

  3. Service control ID: IA-4 (6)

     Service Control Title: CROSS-ORGANIZATION MANAGEMENT. Coordinate with the following external organizations for cross-organization management of identifiers: [Assignment: organization-defined external organizations]. Discussion: Cross-organization identifier management provides the capability to identify individuals, groups, roles, or devices when conducting cross-organization activities involving the processing, storage, or transmission of information.

  4. Service control ID: PM-31

     Service Control Title: "CONTINUOUS MONITORING STRATEGY. Control: Develop an organization-wide continuous monitoring strategy and implement continuous monitoring programs that include: a. Establishing the following organization-wide metrics to be monitored: [Assignment: organization-defined metrics]; b. Establishing [Assignment: organization-defined frequencies] for monitoring and [Assignment: organization-defined frequencies] for assessment of control effectiveness; c. Ongoing monitoring of organizationally-defined metrics in accordance with the continuous monitoring strategy; d. Correlation and analysis of information generated by control assessments and monitoring; e. Response actions to address results of the analysis of control assessment and monitoring information; and f. Reporting the security and privacy status of organizational systems to [Assignment: organization-defined personnel or roles] [Assignment: organization-defined frequency]."

Asked 8 months ago, 98 views
No answers
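The question boils down to a coverage check: which NIST SP 800-53 Rev. 5 control IDs have no Security Hub control mapped to them, so that they must be handled outside Security Hub. The script below is an added example and is not part of the original post or of any AWS-provided tooling. It assumes the shape of the Security Hub `DescribeStandardsControls` response (a `Controls` list whose entries carry `ControlId`, `ControlStatus` and a `RelatedRequirements` list of strings prefixed with `NIST.800-53.r5`); the sample controls, their mappings and the `REQUIRED` list are constructed for the example and are not real Security Hub output.

```python
"""Coverage-gap check for a Security Hub standard against a list of NIST 800-53 control IDs.

Added example, not AWS code. The response shape of DescribeStandardsControls
(Controls -> ControlId / ControlStatus / RelatedRequirements) and the
"NIST.800-53.r5 <id>" string format are assumptions about the live API.
"""
import re
from typing import Dict, Iterable, List, Set

FRAMEWORK_PREFIX = "NIST.800-53.r5"


def normalize_control_id(control_id: str) -> str:
    """Canonicalise an ID so 'IA-4 (6)' and 'ia-4(6)' compare equal."""
    return re.sub(r"\s+", "", control_id).upper()


def nist_ids_from_requirements(related_requirements: Iterable[str],
                               prefix: str = FRAMEWORK_PREFIX) -> Set[str]:
    """Extract the NIST control IDs from a control's RelatedRequirements strings."""
    ids: Set[str] = set()
    marker = prefix + " "
    for req in related_requirements:
        if req.startswith(marker):
            ids.add(normalize_control_id(req[len(marker):]))
    return ids


def coverage_report(required_ids: Iterable[str],
                    standards_controls: List[dict]) -> Dict[str, List[str]]:
    """Map each required NIST ID to the Security Hub control IDs that reference it.

    An empty list means no Security Hub control is mapped to that requirement,
    i.e. the control has to be evidenced by other means (policy, IdP settings, process).
    """
    report: Dict[str, List[str]] = {normalize_control_id(c): [] for c in required_ids}
    for ctl in standards_controls:
        for nist_id in sorted(nist_ids_from_requirements(ctl.get("RelatedRequirements", []))):
            if nist_id in report:
                report[nist_id].append(ctl["ControlId"])
    return report


def uncovered_controls(required_ids: Iterable[str],
                       standards_controls: List[dict]) -> List[str]:
    """Return the required NIST IDs with no mapped Security Hub control, sorted."""
    return sorted(k for k, v in coverage_report(required_ids, standards_controls).items() if not v)


def fetch_standards_controls(standards_subscription_arn: str) -> List[dict]:
    """Pull the live control list for one enabled standard (requires AWS credentials).

    Assumption: boto3's securityhub client exposes a describe_standards_controls
    paginator; this function is not exercised offline.
    """
    import boto3  # imported here so the offline parts of the module need no AWS SDK
    client = boto3.Session().client("securityhub")
    controls: List[dict] = []
    for page in client.get_paginator("describe_standards_controls").paginate(
            StandardsSubscriptionArn=standards_subscription_arn):
        controls.extend(page.get("Controls", []))
    return controls


# Constructed sample data standing in for a DescribeStandardsControls response.
SAMPLE_CONTROLS: List[dict] = [
    {"ControlId": "IAM.1", "ControlStatus": "ENABLED",
     "RelatedRequirements": ["NIST.800-53.r5 AC-2(1)", "NIST.800-53.r5 AC-3"]},
    {"ControlId": "IAM.4", "ControlStatus": "ENABLED",
     "RelatedRequirements": ["NIST.800-53.r5 AC-2(1)", "NIST.800-53.r5 AC-6"]},
    {"ControlId": "CloudTrail.1", "ControlStatus": "ENABLED",
     "RelatedRequirements": ["NIST.800-53.r5 AU-2", "NIST.800-53.r5 CA-7"]},
]

# The IDs from the question plus a few that the sample controls do map to.
REQUIRED: List[str] = ["AC-2(1)", "AC-3", "AC-6", "AC-10", "AC-12", "IA-4 (6)", "PM-31"]


if __name__ == "__main__":
    for nist_id, hub_controls in coverage_report(REQUIRED, SAMPLE_CONTROLS).items():
        status = ", ".join(hub_controls) if hub_controls else "NOT COVERED by Security Hub"
        print(f"{nist_id:10s} -> {status}")
```

Running it on the constructed data reports AC-10, AC-12, IA-4(6) and PM-31 as uncovered, which is the list the question asks about; against a real account you would replace `SAMPLE_CONTROLS` with the result of `fetch_standards_controls(<your standard's subscription ARN>)` and feed in the control IDs your assessor expects. The uncovered IDs are the ones that need evidence from outside Security Hub, such as session settings in the identity provider or documented monitoring procedures.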
