- Newest
- Most votes
- Most comments
Hi rePost-User-6703621,
The AWS Config conformance packs are not needed if you are using the standard in Security Hub.
The Security Hub FAQ gives a good explanation to help answer this:
Q: When do I use AWS Security Hub and AWS Config conformance packs? If a compliance standard, such as PCI-DSS, is already present in AWS Security Hub, then the fully managed AWS Security Hub service is the easiest way to operationalize it. You can investigate findings via AWS Security Hub’s integration with Amazon Detective, and you can build automated or semi-automated remediation actions using AWS Security Hub’s Amazon Eventbridge integration. However, if you want to assemble your own compliance or security standard, which may include security, operational or cost optimization checks, AWS Config conformance packs are the way to go. AWS Config conformance packs simplify management of AWS Config rules by packaging a group of AWS Config rules and associated remediation actions into a single entity. This packaging simplifies deployment of rules and remediation actions across an organization. It also enables aggregated reporting, as compliance summaries can be reported at the pack level. You can start with the AWS Config conformance samples we provide, and customize as you see fit.
AWS Security Hub's fully managed solution is the easiest method to operationalize compliance standards like PCI-DSS. AWS Config conformance packs can help you create your own compliance or security standard, including security, operational, and cost optimization checks. AWS Config compliance packs bundle AWS Config rules and corrective actions to simplify maintenance.
Relevant content
- asked 2 years ago
- asked 6 months ago
- asked 6 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago