View a markdown version of this page

AI Security Best Practices standard in Security Hub CSPM - AWS Security Hub

AI Security Best Practices standard in Security Hub CSPM

The AI Security Best Practices standard is a set of automated security checks that detect when deployed AI resources do not align with security best practices. Developed by AWS security experts, this standard provides a curated set of controls that help you identify areas where your AI workloads deviate from recommended security configurations.

In AWS Security Hub CSPM, the AI Security Best Practices standard includes controls that continuously evaluate your resources. The controls cover security domains including but not limited to network isolation, encryption at rest and in transit, VPC placement, AWS KMS key usage, and private registry requirements. Each control is assigned a category that reflects the security function that the control applies to. For a list of categories and additional details, see Control categories in Security Hub CSPM.

The AI Security Best Practices standard has the following Amazon Resource Name (ARN): arn:aws:securityhub:region::standards/ai-security-best-practices/v/1.0.0, where region is the Region code for the applicable AWS Region. You can also use the GetEnabledStandards operation of the Security Hub CSPM API to retrieve the ARN of a standard that's currently enabled.

Controls that apply to the standard

The following list specifies which AWS Security Hub CSPM controls apply to the AI Security Best Practices standard (v1.0.0). To review the details of a control, choose the control.