If a compliance standard, such as PCI-DSS/NIST 800-53 in your case, is already present in Security Hub, then the fully-managed Security Hub service is the easiest way to operationalize it. The AWS Config conformance packs are not needed if you are using the standard in Security Hub.
The Security Hub FAQ covers it well:
Q: When do I use AWS Security Hub and AWS Config conformance packs?
If a compliance standard, such as PCI-DSS, is already present in AWS Security Hub, then the fully managed AWS Security Hub service is the easiest way to operationalize it. You can investigate findings via AWS Security Hub’s integration with Amazon Detective, and you can build automated or semi-automated remediation actions using AWS Security Hub’s Amazon EventBridge integration. However, if you want to assemble your own compliance or security standard, which may include security, operational or cost optimization checks, AWS Config conformance packs are the way to go. AWS Config conformance packs simplify management of AWS Config rules by packaging a group of AWS Config rules and associated remediation actions into a single entity. This packaging simplifies deployment of rules and remediation actions across an organization. It also enables aggregated reporting, as compliance summaries can be reported at the pack level. You can start with the AWS Config conformance samples we provide, and customize as you see fit.
So in your case, I will recommend turning off the NIST Special Publication 800-53 compliance pack in AWS Config. However, do note that Security Hub security checks leverage configuration items recorded by AWS Config. AWS Config is required for these security checks. Security Hub customers are not charged separately for any AWS Config rules enabled by Security Hub, though.