In 2018 AWS released a preview of AWS Security Hub. Since then the service has become a critical component of most cloud environments. AWS Security Hub is considered a Cloud Security Posture Management (CSPM) system: it automatically checks the configuration of cloud-native services for compliance with the security controls of common frameworks such as the CIS Benchmark, PCI DSS, or the AWS Foundational Security Best Practices.
On the 9th of November, AWS enabled Security Hub to perform automated security checks against levels 1 and 2 of the CIS AWS Foundations Benchmarks version 1.4.
Level 1 describes the minimum security baseline, which can be implemented without disrupting business functionality. In comparison, Level 2 is considered "defense in depth" and should be implemented only after proper testing and investigation of potential business risks and dependencies. Level 2 is usually applied in environments where security is more critical.
If you navigate to the "Security standards" section in Security Hub, you can enable CIS AWS Foundations Benchmarks version 1.4 from there.
After activation, you need to wait approximately 2 hours until the first results are generated in the console. Until then, the controls have a status of "No data".
In total, the new security standard consists of 39 rules (4 Critical, 4 High, 15 Medium, and 16 Low severity). On the overview page of the security standard, you will see your security score, which is updated every 24 hours, and the compliance status of all controls.
Selecting any control shows an overview of all non-compliant resources as well as remediation instructions for mitigating the issue. The underlying evaluation can also be investigated via AWS Config.
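The same workflow can be driven from the AWS SDK for Python instead of the console: enable the CIS v1.4 standard, then pull the findings that FAILED a check and group them by severity and by control. The following is an added example written for this article, not code from the post or from AWS. It assumes the region-scoped standard ARN format shown below for CIS v1.4, that each CIS v1.4 finding carries a `GeneratorId` beginning with the standard path and ending in the control number, and a constructed set of ASFF-shaped findings so the summarisation can be run without an AWS account. boto3 is imported only inside the two functions that call AWS.

```python
"""Enable CIS AWS Foundations Benchmark v1.4 in Security Hub and summarise
the resources that fail its controls (added example; not AWS or author code)."""
from collections import Counter, defaultdict


def cis_v14_standard_arn(region: str) -> str:
    """Assumed ARN format of the CIS v1.4 standard (region-scoped, unlike the
    older global 'ruleset' ARN that CIS v1.2 used)."""
    return f"arn:aws:securityhub:{region}::standards/cis-aws-foundations-benchmark/v/1.4.0"


def failed_findings_filter() -> dict:
    """GetFindings filter: active, still-open findings that FAILED a CIS v1.4 check."""
    return {
        "ComplianceStatus": [{"Value": "FAILED", "Comparison": "EQUALS"}],
        "RecordState": [{"Value": "ACTIVE", "Comparison": "EQUALS"}],
        "WorkflowStatus": [
            {"Value": "NEW", "Comparison": "EQUALS"},
            {"Value": "NOTIFIED", "Comparison": "EQUALS"},
        ],
        # Assumption: CIS v1.4 findings have a GeneratorId prefixed with the standard path.
        "GeneratorId": [
            {"Value": "cis-aws-foundations-benchmark/v/1.4.0", "Comparison": "PREFIX"}
        ],
    }


def summarize_failed_findings(findings: list) -> dict:
    """Count FAILED findings per severity label and list resource ids per control.

    Accepts the ASFF dicts that GetFindings returns. PASSED findings are skipped,
    so an unfiltered page of results can be fed in as well. The control number
    is assumed to be the last path element of GeneratorId (e.g. '.../1.4.0/1.4').
    """
    by_severity = Counter()
    by_control = defaultdict(list)
    for finding in findings:
        if finding.get("Compliance", {}).get("Status") != "FAILED":
            continue
        by_severity[finding["Severity"]["Label"]] += 1
        control = finding["GeneratorId"].rsplit("/", 1)[-1]
        for resource in finding.get("Resources", []):
            by_control[control].append(resource["Id"])
    return {
        "by_severity": dict(by_severity),
        "by_control": {ctrl: sorted(ids) for ctrl, ids in by_control.items()},
    }


# Constructed sample findings, shaped like ASFF records; ids and severities are made up.
SAMPLE_FINDINGS = [
    {"GeneratorId": "cis-aws-foundations-benchmark/v/1.4.0/1.4",
     "Severity": {"Label": "CRITICAL"}, "Compliance": {"Status": "FAILED"},
     "Resources": [{"Id": "AWS::::Account:111111111111"}]},
    {"GeneratorId": "cis-aws-foundations-benchmark/v/1.4.0/2.1.5",
     "Severity": {"Label": "MEDIUM"}, "Compliance": {"Status": "FAILED"},
     "Resources": [{"Id": "arn:aws:s3:::example-bucket-b"}]},
    {"GeneratorId": "cis-aws-foundations-benchmark/v/1.4.0/2.1.5",
     "Severity": {"Label": "MEDIUM"}, "Compliance": {"Status": "FAILED"},
     "Resources": [{"Id": "arn:aws:s3:::example-bucket-a"}]},
    {"GeneratorId": "cis-aws-foundations-benchmark/v/1.4.0/1.5",
     "Severity": {"Label": "CRITICAL"}, "Compliance": {"Status": "PASSED"},
     "Resources": [{"Id": "AWS::::Account:111111111111"}]},
]


def enable_cis_v14(region: str) -> str:
    """Subscribe the account to CIS v1.4 in one region; returns the subscription ARN."""
    import boto3  # imported here so the offline helpers above need no AWS SDK
    hub = boto3.client("securityhub", region_name=region)
    resp = hub.batch_enable_standards(
        StandardsSubscriptionRequests=[{"StandardsArn": cis_v14_standard_arn(region)}]
    )
    return resp["StandardsSubscriptions"][0]["StandardsSubscriptionArn"]


def fetch_failed_findings(region: str) -> list:
    """Page through GetFindings with the filter above (results appear ~2 hours after enabling)."""
    import boto3
    hub = boto3.client("securityhub", region_name=region)
    findings = []
    for page in hub.get_paginator("get_findings").paginate(Filters=failed_findings_filter()):
        findings.extend(page["Findings"])
    return findings


if __name__ == "__main__":
    import json
    # Offline demo on the constructed sample; swap in fetch_failed_findings("eu-west-1")
    # once the standard has been enabled and has produced data.
    print(json.dumps(summarize_failed_findings(SAMPLE_FINDINGS), indent=2))
```

Because `batch_enable_standards` is per region and the findings filter keeps only `NEW`/`NOTIFIED` workflow states, running `fetch_failed_findings` on a schedule gives the same "what is still open" view the console shows, without counting findings already marked `RESOLVED` or `SUPPRESSED`.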
CIS Benchmarks v1.4 is available in all regions where Security Hub is available.