Hi,
When you enable CIS AWS Foundations Benchmark v1.4.0, AWS Security Hub will perform security checks against specific controls. Some of these controls can be custom rules that AWS Security Hub itself develops, but others use AWS Config managed rules. The latter is the case of the control [IAM.3] 'IAM user's access keys should be rotated every 90 days or less'.
To enable checks against this AWS Config rule, you will need to (1) enable AWS Config in your account, and (2) enable resource recording for required resources (see section Required AWS Config resources for CIS v1.4.0).
Additionally, please note that the [IAM.3] control is not supported in the following AWS regions: Cape Town, Hyderabad, Melbourne, Milan, Zurich, Spain, UAE.
Hope this fixes the issue,
Best!
In response to your edited message,
AWS Security Hub uses the Compliance Status of all the controls you have enabled to determine the overall Control Status. If one or more controls present a Compliance Status of FAILED, then the overall Control Status should be marked as FAILED, too.
The only reason I can think of causing this misalignment is that the statuses have been updated at different times (4 hours ago vs. 6 hours ago). Thus, they should sync in the next run, and the overall Control Status will be marked as FAILED.
Kind regards
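To cross-check an [IAM.3] result independently of Security Hub, the following added example (not part of the answer above, and not AWS code) applies the 90-day rule to an IAM credential report and then the aggregation the answer describes, where any failing item marks the control FAILED. The sample report, user names, account ID and the function names `stale_keys` and `control_status` are constructed for illustration; a real report comes from `aws iam get-credential-report` after base64-decoding its content.

```python
import csv
import io
from datetime import datetime, timezone

MAX_AGE_DAYS = 90  # threshold stated by the [IAM.3] control

# Constructed sample using a subset of the IAM credential report columns.
SAMPLE_REPORT = """\
user,arn,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
alice,arn:aws:iam::111122223333:user/alice,true,2024-01-10T08:00:00+00:00,false,N/A
bob,arn:aws:iam::111122223333:user/bob,true,2024-05-20T08:00:00+00:00,true,2023-11-01T08:00:00+00:00
carol,arn:aws:iam::111122223333:user/carol,false,2022-03-01T08:00:00+00:00,false,N/A
"""


def stale_keys(report_csv, now, max_age_days=MAX_AGE_DAYS):
    """Return (user, key_slot, age_days) for each active key older than max_age_days."""
    stale = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):
            if (row.get(f"access_key_{slot}_active") or "false").lower() != "true":
                continue  # inactive or absent keys are not evaluated
            rotated = row.get(f"access_key_{slot}_last_rotated") or "N/A"
            if rotated == "N/A":
                continue  # no rotation timestamp recorded for this slot
            age = (now - datetime.fromisoformat(rotated)).days
            if age > max_age_days:
                stale.append((row["user"], f"access_key_{slot}", age))
    return stale


def control_status(stale):
    """Aggregation as described in the answer: any failing item fails the control."""
    return "FAILED" if stale else "PASSED"


if __name__ == "__main__":
    # Fixed evaluation date so the result is reproducible.
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    findings = stale_keys(SAMPLE_REPORT, now)
    for user, key, age in findings:
        print(f"{user} {key}: {age} days since rotation")
    print("control status:", control_status(findings))
```

If this check reports stale keys while Security Hub still shows the control as passed, compare the last-updated times of the findings, as the answer suggests.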
Please check update to the question with Screenshot so it is clear what anomaly I am facing