SecurityControl
A security control in Security Hub describes a security best practice related to a specific resource.
Contents
- Description
- 
               The description of a security control across standards. This typically summarizes how Security Hub evaluates the control and the conditions under which it produces a failed finding. This parameter doesn't reference a specific standard. Type: String Pattern: .*\S.*Required: Yes 
- RemediationUrl
- 
               A link to Security Hub documentation that explains how to remediate a failed finding for a security control. Type: String Pattern: .*\S.*Required: Yes 
- SecurityControlArn
- 
               The Amazon Resource Name (ARN) for a security control across standards, such as arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1. This parameter doesn't mention a specific standard.Type: String Pattern: .*\S.*Required: Yes 
- SecurityControlId
- 
               The unique identifier of a security control across standards. Values for this field typically consist of an AWS service name and a number, such as APIGateway.3. Type: String Pattern: .*\S.*Required: Yes 
- SecurityControlStatus
- 
               The enablement status of a security control in a specific standard. Type: String Valid Values: ENABLED | DISABLEDRequired: Yes 
- SeverityRating
- 
               The severity of a security control. For more information about how Security Hub determines control severity, see Assigning severity to control findings in the Security Hub User Guide. Type: String Valid Values: LOW | MEDIUM | HIGH | CRITICALRequired: Yes 
- Title
- 
               The title of a security control. Type: String Pattern: .*\S.*Required: Yes 
- LastUpdateReason
- 
               The most recent reason for updating the customizable properties of a security control. This differs from the UpdateReasonfield of theBatchUpdateStandardsControlAssociationsAPI, which tracks the reason for updating the enablement status of a control. This field accepts alphanumeric characters in addition to white spaces, dashes, and underscores.Type: String Pattern: ^([^\u0000-\u007F]|[-_ a-zA-Z0-9])+$Required: No 
- Parameters
- 
               An object that identifies the name of a control parameter, its current value, and whether it has been customized. Type: String to ParameterConfiguration object map Key Pattern: .*\S.*Required: No 
- UpdateStatus
- 
               Identifies whether customizable properties of a security control are reflected in Security Hub findings. A status of READYindicates that Security Hub uses the current control parameter values when running security checks of the control. A status ofUPDATINGindicates that all security checks might not use the current parameter values.Type: String Valid Values: READY | UPDATINGRequired: No 
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: