I'm using AWS Security Hub to run security checks against controls and generate control findings. I want to prepare for new, upcoming features that will affect how I view and receive control findings.
AWS Security Hub identifies security controls and generates control findings in the context of security standards. In early 2023, Security Hub will release two features that decouple controls from standards. The new features also streamline how you view and receive control findings:
After the release of consolidated controls view, you'll see a consolidated list of your controls from the new Controls page in the Security Hub console. Security Hub will also assign controls a consistent security control ID across standards. This helps you to investigate failed findings that affect multiple compliance frameworks.
Consolidated control findings will streamline your control findings. When this feature is turned on, Security Hub produces a single finding for a security check even when a check is shared across multiple standards. This reduces finding noise and helps you focus on the security issues affecting your environment.
Note: Both features will bring changes to control finding fields and values in the AWS Security Finding Format (ASFF).
If your workflows don’t rely on the specific format of any control finding fields, no action is required to prepare for these feature releases. It's a best practice to immediately turn on consolidated control findings.
If you're using the Automated Security Response on AWS solution for predefined response and remediation actions, it's a best practice to wait to make changes. This feature doesn't support consolidated control findings at this time. If you turn on consolidated control findings, actions you deployed using the Automated Security Response solution will no longer work.
If you rely on the specific format of any control finding fields (such as custom automation), review the upcoming finding field and value changes. Confirm that your workflows will continue to function as intended. For more information and examples, see How to prepare for control finding field and value changes.
If you created custom insights by using the control finding fields or values that will change, it's a best practice to update those insights to use the new fields or values.
For more information, including generator IDs, control titles, and complete example findings before and after the releases, see Upcoming features: consolidated controls view and consolidated control findings.