How do I prepare for consolidated controls view and consolidated control findings?

3 minute read

I'm using AWS Security Hub to run security checks against controls and generate control findings. I want to prepare for new, upcoming features that will affect how I view and receive control findings.

Short description

AWS Security Hub identifies security controls and generates control findings in the context of security standards. In early 2023, Security Hub will release two features that decouple controls from standards. The new features also streamline how you view and receive control findings:

After the release of consolidated controls view, you'll see a consolidated list of your controls from the new Controls page in the Security Hub console. Security Hub will also assign controls a consistent security control ID across standards. This helps you to investigate failed findings that affect multiple compliance frameworks.

Consolidated control findings will streamline your control findings. When this feature is turned on, Security Hub produces a single finding for a security check even when a check is shared across multiple standards. This reduces finding noise and helps you focus on the security issues affecting your environment.

Note: Both features will bring changes to control finding fields and values in the AWS Security Finding Format (ASFF).

Resolution

If your workflows don’t rely on the specific format of any control finding fields, no action is required to prepare for these feature releases. It's a best practice to immediately turn on consolidated control findings.

If you're using the Automated Security Response on AWS solution for predefined response and remediation actions, it's a best practice to wait to make changes. This feature doesn't support consolidated control findings at this time. If you turn on consolidated control findings, actions you deployed using the Automated Security Response solution will no longer work.

If you rely on the specific format of any control finding fields (such as custom automation), review the upcoming finding field and value changes. Confirm that your workflows will continue to function as intended. For more information and examples, see How to prepare for control finding field and value changes.

If you created custom insights by using the control finding fields or values that will change, it's a best practice to update those insights to use the new fields or values.

For more information, including generator IDs, control titles, and complete example findings before and after the releases, see Upcoming features: consolidated controls view and consolidated control findings.

Topics

Security, Identity, & Compliance

Relevant content

Connecting Security Controls to Standards Controls to Findings in the Security Hub API
rePost-User-4471548
asked 2 months ago
security Hub vs Detective guardrails
nishan
asked 3 days ago
Security Hub - Ensure hardware MFA is enabled for the 'root' user account
rePost-User-4683517
asked 3 months ago
Transfer existing consolidated billing account into newly deployed Control Tower Landing Zone
rePost-User-9168878
asked 4 months ago
Deleted AWS resource still shows in AWS Security Hub findings
connectdev
asked a month ago
How can I aggregate my Security Hub findings and security scores from multiple AWS Regions?
AWS OFFICIALUpdated a year ago
How is the pricing benefit of a Reserved Instance applied across an organization's consolidated bill?
AWS OFFICIALUpdated a year ago
How can I use Security Hub to monitor security issues for my AWS environment?
AWS OFFICIALUpdated a year ago
How do I resolve an empty or “0%” security score or a “No data” compliance status in Security Hub?
AWS OFFICIALUpdated 13 days ago
Announcing 4 new widgets on AWS Console Home - Security Hub, Ops summary, Patch compliance, and Managed instances
EXPERT
Grace Kitzmiller
published 5 months ago