This rule ensures AWS Security Hub is enabled to enhance security measures.
Rule | Ensure AWS Security Hub is enabled |
Framework | cis_v150 |
Severity | ✔ Low |
Rule Description
The rule "CIS AWS Foundations Benchmark v1.5.0 - 1.12: Ensure AWS Security Hub is enabled" ensures that AWS Security Hub, a comprehensive security service provided by Amazon Web Services (AWS), is enabled in your AWS account. Enabling Security Hub allows you to centralize and monitor security findings from various AWS services and third-party security tools.
Troubleshooting Steps
If AWS Security Hub is not enabled, follow these troubleshooting steps:
Check current Security Hub status: Use the AWS Management Console or AWS CLI to check if Security Hub is already enabled in your AWS account.
Verify required permissions: Ensure that you have the necessary permissions to enable Security Hub. The required permissions include securityhub:EnableSecurityHub and securityhub:UpdateSecurityHubConfiguration. Refer to the AWS Security Hub documentation for more information on these permissions.
Check AWS Organizations: If you are using AWS Organizations, make sure you have sufficient permissions in the master account to enable Security Hub. Additionally, ensure that Security Hub is enabled in the organization's management account.
Verify account region: Confirm that you are attempting to enable Security Hub in the correct AWS region. Security Hub needs to be enabled separately for each specific region.
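The status, permission and region checks above can be scripted with the AWS CLI. The following is an added example, not part of the original rule text. It assumes credentials that allow securityhub:DescribeHub and that the CLI reports a region without Security Hub as InvalidAccessException or ResourceNotFoundException; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: report Security Hub status per region using the AWS CLI.
# Assumption: a region where Security Hub is off makes describe-hub fail with
# InvalidAccessException ("not subscribed") or ResourceNotFoundException.

# Print ENABLED, NOT_ENABLED or ERROR for the region given as $1.
securityhub_status() {
  if hub_out=$(aws securityhub describe-hub --region "$1" \
                 --query HubArn --output text 2>&1); then
    echo "ENABLED"
  else
    case "$hub_out" in
      *InvalidAccessException*|*ResourceNotFoundException*) echo "NOT_ENABLED" ;;
      # AccessDenied, expired credentials, bad region name, network failure:
      # the check itself failed, so do not report the region as disabled.
      *) echo "ERROR" ;;
    esac
  fi
}

# Print one "region status" line per argument.
# Returns non-zero if any region is not ENABLED.
audit_securityhub() {
  audit_rc=0
  for audit_region in "$@"; do
    audit_status=$(securityhub_status "$audit_region")
    printf '%s %s\n' "$audit_region" "$audit_status"
    [ "$audit_status" = "ENABLED" ] || audit_rc=1
  done
  return "$audit_rc"
}

# Run against the regions given on the command line, e.g.
#   ./audit.sh us-east-1 eu-west-1
if [ "$#" -gt 0 ]; then
  audit_securityhub "$@"
fi
```

To cover every region enabled for the account, pass the output of `aws ec2 describe-regions --query 'Regions[].RegionName' --output text` as the arguments. An ERROR result points back to the permissions step rather than to a disabled hub.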
Necessary Code
There is no specific code required to enable AWS Security Hub, as it can be done through the AWS Management Console or AWS CLI. However, if you prefer to use the CLI, the following command can be used:
aws securityhub enable-security-hub
Please note that you must have the necessary AWS CLI access and permissions to execute this command successfully.
Step-by-Step Guide for Remediation
To enable AWS Security Hub for the CIS AWS Foundations Benchmark v1.5.0, follow these steps:
Step 1: Log in to the AWS Management Console: Open your web browser and navigate to the AWS Management Console.
Step 2: Go to Security Hub: In the AWS Management Console, use the search bar at the top of the page and search for "Security Hub". Click on the "Security Hub" service from the search results.
Step 3: Enable Security Hub: On the Security Hub dashboard, click on the "Getting started" button or navigate to the "Settings" tab.
Step 4: Enable CIS Benchmark: Under the "Standards" section, locate the CIS AWS Foundations Benchmark v1.5.0 and click on the "Enable" button next to it.
Step 5: Confirm Enablement: A confirmation message will appear indicating that the benchmark is enabled. Review the message and click on the "Enable" button to proceed.
Step 6: Verify Security Hub Status: After enabling, Security Hub will start aggregating security findings from various AWS services. You can check the status and progress of your findings on the Security Hub dashboard.
Congratulations! You have now successfully enabled AWS Security Hub for the CIS AWS Foundations Benchmark v1.5.0 in your AWS account. Be sure to review and act on the security findings regularly to maintain a secure AWS infrastructure.