SecurityControl
A security control in Security Hub CSPM describes a security best practice related to a specific resource.
Types
Properties
The description of a security control across standards. This typically summarizes how Security Hub CSPM evaluates the control and the conditions under which it produces a failed finding. This parameter doesn't reference a specific standard.
The most recent reason for updating the customizable properties of a security control. This differs from the UpdateReason field of the BatchUpdateStandardsControlAssociations API, which tracks the reason for updating the enablement status of a control. This field accepts alphanumeric characters in addition to white spaces, dashes, and underscores.
An object that identifies the name of a control parameter, its current value, and whether it has been customized.
A link to Security Hub CSPM documentation that explains how to remediate a failed finding for a security control.
The Amazon Resource Name (ARN) for a security control across standards, such as arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1. This parameter doesn't mention a specific standard.
The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Services service name and a number, such as APIGateway.3.
The enablement status of a security control in a specific standard.
The severity of a security control. For more information about how Security Hub CSPM determines control severity, see Assigning severity to control findings in the Security Hub CSPM User Guide.
Identifies whether customizable properties of a security control are reflected in Security Hub CSPM findings. A status of READY indicates that Security Hub CSPM uses the current control parameter values when running security checks of the control. A status of UPDATING indicates that some security checks might not be using the current parameter values.
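The following added example (not part of the AWS documentation or SDK) audits a list of controls for customized parameters, reports whether findings already reflect the custom values, and flags changes with no recorded reason. The field names (SecurityControlId, SecurityControlArn, Parameters, ValueType, UpdateStatus, LastUpdateReason) are assumed from the BatchGetSecurityControls response shape, and the sample records and the parameter name exampleThreshold are constructed.

```python
def parse_control_arn(arn):
    """Split a cross-standard control ARN into region, account and control ID."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn" or parts[2] != "securityhub":
        raise ValueError(f"not a Security Hub ARN: {arn!r}")
    kind, _, control_id = parts[5].partition("/")
    if kind != "security-control" or not control_id:
        raise ValueError(f"not a security-control ARN: {arn!r}")
    return {"region": parts[3], "account": parts[4], "control_id": control_id}

def audit_customized_controls(controls):
    """Return one record per control that has at least one customized parameter."""
    report = []
    for c in controls:
        # Assumed shape: Parameters maps name -> {"ValueType": "CUSTOM"|"DEFAULT", ...}
        custom = sorted(name for name, cfg in c.get("Parameters", {}).items()
                        if cfg.get("ValueType") == "CUSTOM")
        if not custom:
            continue
        arn = parse_control_arn(c["SecurityControlArn"])
        report.append({
            "control_id": c["SecurityControlId"],
            "region": arn["region"],
            "custom_parameters": custom,
            # Only READY means checks run with the current parameter values.
            "findings_reflect_values": c.get("UpdateStatus") == "READY",
            "arn_matches_id": arn["control_id"] == c["SecurityControlId"],
            # A customized control with no recorded reason is an audit gap.
            "undocumented_change": not c.get("LastUpdateReason", "").strip(),
        })
    return report

# Constructed sample records; exampleThreshold is a hypothetical parameter name.
_ARN = "arn:aws:securityhub:eu-central-1:123456789012:security-control/"
SAMPLE_CONTROLS = [
    {"SecurityControlId": "S3.1", "SecurityControlArn": _ARN + "S3.1",
     "UpdateStatus": "UPDATING",
     "Parameters": {"exampleThreshold": {"ValueType": "CUSTOM"}}},
    {"SecurityControlId": "S3.1", "SecurityControlArn": _ARN + "S3.1",
     "UpdateStatus": "READY",
     "Parameters": {"exampleThreshold": {"ValueType": "DEFAULT"}}},
    {"SecurityControlId": "APIGateway.3", "SecurityControlArn": _ARN + "APIGateway.3",
     "UpdateStatus": "READY", "LastUpdateReason": "Aligned with internal baseline",
     "Parameters": {"exampleThreshold": {"ValueType": "CUSTOM"}}},
]

if __name__ == "__main__":
    for row in audit_customized_controls(SAMPLE_CONTROLS):
        print(row)
```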