Anomaly in AWS Security Hub Findings

-1

I have enabled AWS Security Hub CIS AWS foundations benchmark 1.4.0 for my account.

The findings have passed the check IAM users' access keys should be rotated every 90 days or less.

But my account has many IAM users with access keys older than 90 days. So why is Security Hub not able to catch those accounts in the scan? It has been more than a week since Security Hub was enabled.

Can you please explain why status is passed even after compliance failure?

[Screenshot of the Security Hub findings attached to the question]

Asked a year ago, 372 views
2 answers
1
Accepted answer

Hi,

When you enable CIS AWS Foundations Benchmark v1.4.0, AWS Security Hub will perform security checks against specific controls. Some of these controls can be custom rules that AWS Security Hub itself develops, but others use AWS Config managed rules. The latter is the case for control [IAM.3] 'IAM user's access keys should be rotated every 90 days or less'.

To enable checks against this AWS Config rule, you will need to (1) enable AWS Config in your account, and (2) enable resource recording for the required resources (see the section Required AWS Config resources for CIS v1.4.0).

Additionally, please note that [IAM.3] control is not supported in the following AWS regions: Cape Town, Hyderabad, Melbourne, Milan, Zurich, Spain, UAE.

Hope this fixes the issue,

Best!

awsfer
Answered a year ago
Expert, reviewed 13 days ago
Expert, reviewed 2 months ago
  • Please check the update to the question with a screenshot, so it is clear what anomaly I am facing
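Added example (not part of awsfer's answer or of Security Hub itself): a small Python script that reproduces the two things the answer says to verify before trusting a PASSED result for IAM.3, namely whether AWS Config is actually recording `AWS::IAM::User`, and which active access keys are genuinely older than 90 days. The helpers work on plain dicts shaped like the boto3 responses, so they run against the constructed sample data below; `collect_from_aws()` fetches the same shapes from a live account and assumes `boto3` is installed and credentials are configured. The sample recorder, user names and key IDs are constructed, not taken from the question.

```python
"""Cross-check a PASSED result for Security Hub control IAM.3 locally.

Added example, not part of the original re:Post answer. Reproduces the
answer's two prerequisites on plain data: (1) AWS Config must record
AWS::IAM::User, and (2) the control only fails for active keys older than
90 days. collect_from_aws() assumes boto3 and configured credentials.
"""
from datetime import datetime, timedelta, timezone

MAX_KEY_AGE_DAYS = 90  # rotation threshold used by CIS v1.4.0 control IAM.3


def config_records_iam_users(recorders):
    """True if any AWS Config recorder would record AWS::IAM::User.

    `recorders` has the shape of
    describe_configuration_recorders()["ConfigurationRecorders"].
    IAM is a global service, so with allSupported the global types are only
    recorded when includeGlobalResourceTypes is set as well.
    """
    for rec in recorders:
        group = rec.get("recordingGroup", {})
        if group.get("allSupported") and group.get("includeGlobalResourceTypes"):
            return True
        if "AWS::IAM::User" in group.get("resourceTypes", []):
            return True
    return False


def stale_access_keys(keys, now=None):
    """Return active keys older than MAX_KEY_AGE_DAYS, oldest first.

    `keys` entries have the shape of list_access_keys()["AccessKeyMetadata"]:
    UserName, AccessKeyId, Status, CreateDate (timezone-aware datetime).
    Inactive keys are skipped because the Config rule access-keys-rotated
    only evaluates active keys.
    """
    now = now or datetime.now(timezone.utc)
    stale = []
    for key in keys:
        if key["Status"] != "Active":
            continue
        age_days = (now - key["CreateDate"]).days
        if age_days > MAX_KEY_AGE_DAYS:
            stale.append({"UserName": key["UserName"],
                          "AccessKeyId": key["AccessKeyId"],
                          "AgeDays": age_days})
    return sorted(stale, key=lambda k: k["AgeDays"], reverse=True)


def explain(recorders, keys, now=None):
    """Combine both checks into a one-line verdict."""
    stale = stale_access_keys(keys, now)
    if not config_records_iam_users(recorders):
        return ("Config is not recording AWS::IAM::User, so IAM.3 has nothing to "
                f"evaluate; {len(stale)} stale key(s) would go unreported.")
    if stale:
        return (f"{len(stale)} active key(s) older than {MAX_KEY_AGE_DAYS} days; "
                "expect IAM.3 to FAIL.")
    return f"No active key older than {MAX_KEY_AGE_DAYS} days; PASSED is consistent."


def collect_from_aws(region_name="us-east-1"):
    """Pull the same shapes from a live account (assumes boto3 + credentials)."""
    import boto3  # imported here so the pure helpers above run without it
    config = boto3.client("config", region_name=region_name)
    iam = boto3.client("iam")
    recorders = config.describe_configuration_recorders()["ConfigurationRecorders"]
    keys = []
    for page in iam.get_paginator("list_users").paginate():
        for user in page["Users"]:
            keys.extend(iam.list_access_keys(UserName=user["UserName"])["AccessKeyMetadata"])
    return recorders, keys


# Constructed sample data: a recorder that records all regional types but not
# global ones, and three keys (stale+active, fresh, stale+inactive).
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE_RECORDERS = [{"name": "default",
                     "recordingGroup": {"allSupported": True,
                                        "includeGlobalResourceTypes": False,
                                        "resourceTypes": []}}]
SAMPLE_KEYS = [
    {"UserName": "alice", "AccessKeyId": "AKIAEXAMPLE00001", "Status": "Active",
     "CreateDate": NOW - timedelta(days=120)},
    {"UserName": "bob", "AccessKeyId": "AKIAEXAMPLE00002", "Status": "Active",
     "CreateDate": NOW - timedelta(days=10)},
    {"UserName": "carol", "AccessKeyId": "AKIAEXAMPLE00003", "Status": "Inactive",
     "CreateDate": NOW - timedelta(days=200)},
]

if __name__ == "__main__":
    print(explain(SAMPLE_RECORDERS, SAMPLE_KEYS, NOW))
```

Against the sample data the verdict is that Config is not recording IAM users, which is exactly the situation the answer describes: a key 120 days old exists, but the control has no resource to evaluate, so nothing is reported. Replace the sample arguments with the tuple returned by `collect_from_aws()` to run it against your own account.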

0

In response to your edited message,

AWS Security Hub uses the Compliance Status of all the controls you have enabled to determine the overall Control Status. If one or more controls present a Compliance Status of FAILED, then the overall Control Status should be marked as FAILED, too.

The only reason I can think of causing this misalignment is that the statuses have been updated at different times (4 hours ago vs. 6 hours ago). Thus, they should sync in the next run, and the overall Control Status will be marked as FAILED.

Kind regards

awsfer (AWS)
Answered a year ago
