
Can you add custom Security Standards or edit existing Standards?

0

I don't see this mentioned in the documentation and I do not see any options in the console, so I thought I would double check here to ensure I am not missing anything:

  1. Can you create your own Security Standard that has a set of rules that you'd like your accounts to comply with?

  2. Can you customize existing Security Standards? For example, before enabling the CIS Benchmark, can I disable all Level 2 controls? Or is the only way to do this to enable the standard and then disable individual controls afterwards?

Perhaps using another tool that can integrate with Security Hub, such as Prowler, is the way to go for a custom Security Standard?

Thank you

2 Answers
0

Fully customizable standards are coming in the future. Today, you can disable individual controls in a standard. This can only be done after you have enabled the standard.

Relevant docs:

https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable-controls.html

https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-cis-to-disable.html

answered 2 years ago
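
The enable-then-disable workflow from the answer above, written with boto3 as an added example (it is not part of the original answers or of AWS's own code). It assumes `client` is a `boto3.client("securityhub")` and that the caller supplies the control IDs to disable, for instance the Level 2 list taken from the CIS documentation; the function names are hypothetical.

```python
"""Disable a chosen set of controls in an already-enabled Security Hub standard."""


def find_subscription_arn(client, standards_arn):
    """Return the subscription ARN once the standard is enabled and READY, else None."""
    token = None
    while True:
        kwargs = {"NextToken": token} if token else {}
        page = client.get_enabled_standards(**kwargs)
        for sub in page.get("StandardsSubscriptions", []):
            if sub["StandardsArn"] == standards_arn and sub["StandardsStatus"] == "READY":
                return sub["StandardsSubscriptionArn"]
        token = page.get("NextToken")
        if not token:
            return None  # not enabled yet, or still PENDING


def disable_controls(client, subscription_arn, control_ids, reason):
    """Disable the listed control IDs; return (disabled, not_found)."""
    wanted = set(control_ids)
    seen, disabled = set(), []
    token = None
    while True:
        kwargs = {"StandardsSubscriptionArn": subscription_arn}
        if token:
            kwargs["NextToken"] = token
        page = client.describe_standards_controls(**kwargs)
        for ctl in page.get("Controls", []):
            if ctl["ControlId"] not in wanted:
                continue
            seen.add(ctl["ControlId"])
            if ctl["ControlStatus"] == "ENABLED":
                # A reason is recorded with every disabled control for later audit.
                client.update_standards_control(
                    StandardsControlArn=ctl["StandardsControlArn"],
                    ControlStatus="DISABLED",
                    DisabledReason=reason,
                )
                disabled.append(ctl["ControlId"])
        token = page.get("NextToken")
        if not token:
            # IDs never seen are likely typos or belong to another standard.
            return disabled, sorted(wanted - seen)
```

Controls that come back in the `not_found` list were never matched in the standard, so check them before assuming the account is configured as intended.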
0

Thank you, Ely. That is great to hear about fully customizable standards coming in the future. Also, thank you for confirming that we can only enable standards and then disable individual rules. That is what I thought.

answered 2 years ago
