NIST Special Publication 800-53 Revision 5

Hi Team,

I have enabled "NIST Special Publication 800-53 Revision 5" standard in Security hub and it has covered majority of service control

But some service controls are not covered by Security hub ,i just want know how to remediate/setting in aws account

please provide remidataion steps to fix below service control ::::

Service control ID : AC-10

Service Control Title : CONCURRENT SESSION CONTROL Control: Limit the number of concurrent sessions for each [Assignment: organization-defined account and/or account type] to [Assignment: organization-defined number].

Service control ID : AC-12

Service Control Title : Control: Automatically terminate a user session after [Assignment: organization-defined conditions or trigger events requiring session disconnect].

Service control ID : IA-4 (6)

Service Control Title : CROSS-ORGANIZATION MANAGEMENT Coordinate with the following external organizations for cross-organization management of identifiers: [Assignment: organization-defined external organizations]. Discussion: Cross-organization identifier management provides the capability to identify individuals, groups, roles, or devices when conducting cross-organization activities involving the processing, storage, or transmission of information.

Service control ID : PM-31

Service Control Title : "CONTINUOUS MONITORING STRATEGY Control: Develop an organization-wide continuous monitoring strategy and implement continuous monitoring programs that include: a. Establishing the following organization-wide metrics to be monitored: [Assignment: organization-defined metrics]; b. Establishing [Assignment: organization-defined frequencies] for monitoring and [Assignment: organization-defined frequencies] for assessment of control effectiveness; c. Ongoing monitoring of organizationally-defined metrics in accordance with the continuous monitoring strategy; d. Correlation and analysis of information generated by control assessments and monitoring; e. Response actions to address results of the analysis of control assessment and monitoring information; and f. Reporting the security and privacy status of organizational systems to [Assignment: organization-defined personnel or roles] [Assignment: organization-defined frequency]."

Topics

Security, Identity, & Compliance

Relevant content

Which one to choose AWS Config or AWS Security hub
Sid
asked 6 months ago
AWS Rekognition NIST
GaryTurner
asked 2 years ago
Rekognition and National Institute of Standards and Technology (NIST) verification
AWS-User-8469469
asked 2 years ago
Why does api-gw-cache-enabled-and-encrypted require caching for NIST 800-171 compliance?
emattheis
asked 2 years ago
How do I set special parameters in an AWS Glue job using AWS CloudFormation?
AWS OFFICIALUpdated 2 years ago
How do I resolve an empty or “0%” security score or a “No data” compliance status in Security Hub?
AWS OFFICIALUpdated a year ago
Why did Security Hub initiate the finding "Lambda function policies should prohibit public access"?
AWS OFFICIALUpdated a year ago
How can I aggregate my Security Hub findings and security scores from multiple AWS Regions?
AWS OFFICIALUpdated 2 years ago
Lesson 5: Trust the Well-Architected Framework
EXPERT
BCole2019
published 2 months ago
VPC IP Address Manager's 'Public IP Insights': A free and simple feature for customers to get insights on their public IPv4 usage
EXPERT
Nawaz
published 5 months ago