Le traduzioni sono generate tramite traduzione automatica. In caso di conflitto tra il contenuto di una traduzione e la versione originale in Inglese, quest'ultima prevarrà.
# Revisione e gestione dei risultati di controllo in Security Hub CSPM
La pagina dei dettagli del controllo mostra un elenco di risultati attivi per un controllo. L'elenco non include i risultati archiviati.
La pagina dei dettagli del controllo supporta l'aggregazione tra regioni. Se è stata impostata una regione di aggregazione, lo stato del controllo e l'elenco dei controlli di sicurezza nella pagina dei dettagli del controllo includono i controlli provenienti da tutti i collegamenti. Regioni AWS
L'elenco fornisce strumenti per filtrare e ordinare i risultati, in modo che tu possa concentrarti prima sui risultati più urgenti. Una scoperta può includere collegamenti ai dettagli delle risorse nella relativa console di servizio. Per i controlli basati su AWS Config regole, è possibile visualizzare i dettagli sulla regola.
Puoi anche utilizzare l'API CSPM AWS di Security Hub per recuperare un elenco di risultati e dettagli delle scoperte.
Per ulteriori informazioni, consulta [Revisione dei dettagli e della cronologia dei risultati](securityhub-findings-viewing.md#finding-view-details-console).
Per riflettere lo stato attuale dell'indagine su un risultato di controllo, imposti lo stato del flusso di lavoro. Per ulteriori informazioni, consulta [Impostazione dello stato del flusso di lavoro dei risultati in Security Hub CSPM](findings-workflow-status.md).
Puoi anche inviare alcuni risultati CSPM di Security Hub a un'azione personalizzata in Amazon. EventBridge Per ulteriori informazioni, consulta [Invio dei risultati a un'azione CSPM personalizzata di Security Hub](findings-custom-action.md).
**Topics**
+ [Filtraggio e ordinamento dei risultati del controllo](control-finding-list.md)
+ [Esempi di risultati di controllo](sample-control-findings.md)
# Filtraggio e ordinamento dei risultati del controllo
La selezione di un controllo dalla pagina **Controlli** della console AWS Security Hub CSPM o dalla pagina dei dettagli di uno standard porta alla pagina dei dettagli del controllo.
La pagina dei dettagli del controllo mostra il titolo e la descrizione del controllo, lo stato generale del controllo e un'analisi dettagliata dei controlli di sicurezza per il controllo nelle ultime 24 ore.
Utilizza le opzioni **Filtra** per accanto all'elenco dei controlli di controllo per concentrarti rapidamente sui risultati con uno stato del [flusso di lavoro o uno stato](findings-workflow-status.md) di [conformità](controls-overall-status.md#controls-overall-status-compliance-status) specifici.
Oltre alle opzioni **Filtra per**, puoi utilizzare la casella **Aggiungi filtro** per filtrare l'elenco dei controlli in base ad altri campi, come Account AWS ID o ID risorsa.
Per impostazione predefinita, i risultati con uno stato di conformità **PASSES** vengono elencati per primi. È possibile modificare l'ordinamento predefinito scegliendo un'opzione diversa nelle intestazioni delle colonne.
Dalla pagina dei dettagli del controllo, puoi scegliere **Scarica per scaricare** la pagina corrente dei risultati del controllo in un file.csv.
Se filtri l'elenco dei risultati, il download include solo i controlli che corrispondono al filtro. Se si selezionano risultati specifici dall'elenco, il download include solo i risultati selezionati.
Per ulteriori informazioni sul filtraggio dei risultati, consulta[Filtraggio dei risultati in Security Hub CSPM](securityhub-findings-manage.md).
# Esempi di risultati di controllo
Gli esempi seguenti forniscono esempi di risultati del controllo CSPM di AWS Security Hub nel AWS Security Finding Format (ASFF). Il contenuto dei risultati di controllo varia a seconda che siano stati abilitati o meno i risultati di controllo consolidati.
Se abiliti i risultati del controllo consolidato, Security Hub CSPM genera un singolo risultato per un controllo, anche se il controllo si applica a più standard abilitati. Se non abiliti questa funzionalità, Security Hub CSPM genera un risultato di controllo separato per ogni standard abilitato a cui si applica un controllo. Ad esempio, se si abilitano due standard e un controllo si applica a entrambi, si ottengono due risultati distinti per il controllo, uno per ogni standard. Se si abilitano i risultati del controllo consolidato, si riceve un solo risultato per il controllo. Per ulteriori informazioni, consulta [Risultati di controllo consolidati](controls-findings-create-update.md#consolidated-control-findings).
Gli esempi in questa pagina forniscono esempi per entrambi gli scenari. Gli esempi includono: risultati di controllo per i singoli standard CSPM di Security Hub quando i risultati del controllo consolidato sono disabilitati e risultati di controllo per più standard CSPM di Security Hub quando i risultati del controllo consolidato sono abilitati.
**Topics**
+ [Esempi di risultati relativi allo standard AWS Foundational Security Best Practices](#sample-finding-fsbp)
+ [Risultati di esempio per CIS AWS Foundations Benchmark v5.0.0](#sample-finding-cis-5)
+ [Risultati di esempio per CIS AWS Foundations Benchmark v3.0.0](#sample-finding-cis-3)
+ [Risultati di esempio per CIS AWS Foundations Benchmark v1.4.0](#sample-finding-cis-1.4)
+ [Risultati di esempio per CIS AWS Foundations Benchmark v1.2.0](#sample-finding-cis-1.2)
+ [Risultati di esempio per lo standard NIST SP 800-53 Revisione 5](#sample-finding-nist-800-53)
+ [Esempio di risultato per lo standard NIST SP 800-171 Revisione 2](#sample-finding-nist-800-171)
+ [Esempio di risultato relativo allo standard di sicurezza dei dati del settore delle carte di pagamento v3.2.1](#sample-finding-pcidss-v321)
+ [Esempio di risultato per lo standard AWS Resource Tagging](#sample-finding-tagging)
+ [Esempio di risultato per lo standard gestito dai AWS Control Tower servizi](#sample-finding-service-managed-aws-control-tower)
+ [Esempio di risultato consolidato per più standard](#sample-finding-consolidation)
**Nota**
I risultati del controllo fanno riferimento a campi e valori diversi nelle regioni e nelle AWS GovCloud (US) regioni della Cina. Per ulteriori informazioni, consulta [Impatto del consolidamento sui campi e sui valori ASFF](asff-changes-consolidation.md).
## Esempi di risultati relativi allo standard AWS Foundational Security Best Practices
L'esempio seguente fornisce un esempio di risultato relativo a un controllo che si applica allo standard AWS Foundational Security Best Practices (FSBP). In questo esempio, i risultati del controllo consolidato sono disabilitati.
```
{
"SchemaVersion": "2018-10-08",
"Id": "arn:aws:securityhub:us-east-2:123456789012:subscription/aws-foundational-security-best-practices/v/1.0.0/CloudTrail.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"ProductArn": "arn:aws:securityhub:us-east-2::product/aws/securityhub",
"ProductName": "Security Hub CSPM",
"CompanyName": "AWS",
"Region": "us-east-2",
"GeneratorId": "aws-foundational-security-best-practices/v/1.0.0/CloudTrail.2",
"AwsAccountId": "123456789012",
"Types": [
"Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices"
],
"FirstObservedAt": "2020-08-06T02:18:23.076Z",
"LastObservedAt": "2021-09-28T16:10:06.956Z",
"CreatedAt": "2020-08-06T02:18:23.076Z",
"UpdatedAt": "2021-09-28T16:10:00.093Z",
"Severity": {
"Product": 40,
"Label": "MEDIUM",
"Normalized": 40,
"Original": "MEDIUM"
},
"Title": "CloudTrail.2 CloudTrail should have encryption at-rest enabled",
"Description": "This AWS control checks whether AWS CloudTrail is configured to use the server side encryption (SSE) AWS Key Management Service (AWS KMS) customer master key (CMK) encryption. The check will pass if the KmsKeyId is defined.",
"Remediation": {
"Recommendation": {
"Text": "For directions on how to correct this issue, consult the AWS Security Hub CSPM controls documentation.",
"Url": "https://docs.aws.amazon.com/console/securityhub/CloudTrail.2/remediation"
}
},
"ProductFields": {
"StandardsArn": "arn:aws:securityhub:::standards/aws-foundational-security-best-practices/v/1.0.0",
"StandardsSubscriptionArn": "arn:aws:securityhub:us-east-2:123456789012:subscription/aws-foundational-security-best-practices/v/1.0.0",
"ControlId": "CloudTrail.2",
"RecommendationUrl": "https://docs.aws.amazon.com/console/securityhub/CloudTrail.2/remediation",
"Related AWS Resources:0/name": "securityhub-cloud-trail-encryption-enabled-fe95bf3f",
"Related AWS Resources:0/type": "AWS::Config::ConfigRule",
"StandardsControlArn": "arn:aws:securityhub:us-east-2:123456789012:control/aws-foundational-security-best-practices/v/1.0.0/CloudTrail.2",
"aws/securityhub/ProductName": "Security Hub CSPM",
"aws/securityhub/CompanyName": "AWS",
"Resources:0/Id": "arn:aws:cloudtrail:us-east-2:123456789012:trail/AWS MacieTrail-DO-NOT-EDIT",
"aws/securityhub/FindingId": "arn:aws:securityhub:us-east-2::product/aws/securityhub/arn:aws:securityhub:us-east-2:123456789012:subscription/aws-foundational-security-best-practices/v/1.0.0/CloudTrail.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
},
"Resources": [
{
"Type": "AwsCloudTrailTrail",
"Id": "arn:aws:cloudtrail:us-east-2:123456789012:trail/AWS MacieTrail-DO-NOT-EDIT",
"Partition": "aws",
"Region": "us-east-2"
}
],
"Compliance": {
"Status": "FAILED",
"SecurityControlId": "CloudTrail.2",
"AssociatedStandards": [{
"StandardsId": "standards/aws-foundation-best-practices/v/1.0.0"
}]
},
"WorkflowState": "NEW",
"Workflow": {
"Status": "NEW"
},
"RecordState": "ACTIVE",
"FindingProviderFields": {
"Severity": {
"Label": "MEDIUM",
"Original": "MEDIUM"
},
"Types": [
"Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices"
]
}
}
```
## Risultati di esempio per CIS AWS Foundations Benchmark v5.0.0
L'esempio seguente fornisce un esempio di risultato relativo a un controllo che si applica a CIS Foundations Benchmark v5.0.0. AWS In questo esempio, i risultati del controllo consolidato sono disabilitati.
```
{
"AwsAccountId": "123456789012",
"CompanyName": "AWS",
"Compliance": {
"Status": "FAILED",
"SecurityControlId": "EC2.7",
"RelatedRequirements": [
"CIS AWS Foundations Benchmark v5.0.0/5.1.1"
],
"AssociatedStandards": [
{
"StandardsId": "standards/cis-aws-foundations-benchmark/v/5.0.0"
}
]
},
"CreatedAt": "2025-10-10T17:04:00.952Z",
"Description": "Elastic Compute Cloud (EC2) supports encryption at rest when using the Elastic Block Store (EBS) service. While disabled by default, forcing encryption at EBS volume creation is supported.",
"FindingProviderFields": {
"Types": [
"Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
],
"Severity": {
"Normalized": 40,
"Label": "MEDIUM",
"Product": 40,
"Original": "MEDIUM"
}
},
"FirstObservedAt": "2025-10-10T17:03:57.895Z",
"GeneratorId": "cis-aws-foundations-benchmark/v/5.0.0/5.1.1",
"Id": "arn:aws:securityhub:us-west-1:123456789012:subscription/cis-aws-foundations-benchmark/v/5.0.0/5.1.1/finding/443a9d3f-8a59-4fa0-8e2c-EXAMPLE111",
"LastObservedAt": "2025-10-14T05:22:28.667Z",
"ProcessedAt": "2025-10-14T05:22:50.099Z",
"ProductArn": "arn:aws:securityhub:us-west-1::product/aws/securityhub",
"ProductFields": {
"StandardsArn": "arn:aws:securityhub:::standards/cis-aws-foundations-benchmark/v/5.0.0",
"StandardsSubscriptionArn": "arn:aws:securityhub:us-west-1:123456789012:subscription/cis-aws-foundations-benchmark/v/5.0.0",
"ControlId": "5.1.1",
"RecommendationUrl": "https://docs.aws.amazon.com/console/securityhub/EC2.7/remediation",
"RelatedAWSResources:0/name": "securityhub-ec2-ebs-encryption-by-default-2a99554f",
"RelatedAWSResources:0/type": "AWS::Config::ConfigRule",
"StandardsControlArn": "arn:aws:securityhub:us-west-1:123456789012:control/cis-aws-foundations-benchmark/v/5.0.0/5.1.1",
"aws/securityhub/ProductName": "Security Hub CSPM",
"aws/securityhub/CompanyName": "AWS",
"aws/securityhub/annotation": "EBS Encryption by default is not enabled.",
"Resources:0/Id": "arn:aws:iam::123456789012:root",
"aws/securityhub/FindingId": "arn:aws:securityhub:us-west-1::product/aws/securityhub/arn:aws:securityhub:us-west-1:123456789012:subscription/cis-aws-foundations-benchmark/v/5.0.0/5.1.1/finding/443a9d3f-8a59-4fa0-8e2c-EXAMPLE111",
"PreviousComplianceStatus": "FAILED"
},
"ProductName": "Security Hub CSPM",
"RecordState": "ACTIVE",
"Region": "us-west-1",
"Remediation": {
"Recommendation": {
"Text": "For information on how to correct this issue, consult the AWS Security Hub controls documentation.",
"Url": "https://docs.aws.amazon.com/console/securityhub/EC2.7/remediation"
}
},
"Resources": [
{
"Id": "AWS::::Account:123456789012",
"Partition": "aws",
"Region": "us-west-1",
"Type": "AwsAccount"
}
],
"SchemaVersion": "2018-10-08",
"Severity": {
"Label": "MEDIUM",
"Normalized": 40,
"Original": "MEDIUM",
"Product": 40
},
"Title": "5.1.1 EBS default encryption should be enabled",
"Types": [
"Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
],
"UpdatedAt": "2025-10-14T05:22:38.671Z",
"Workflow": {
"Status": "NEW"
},
"WorkflowState": "NEW"
}
```
## Risultati di esempio per CIS AWS Foundations Benchmark v3.0.0
L'esempio seguente fornisce un esempio di risultato relativo a un controllo che si applica a CIS Foundations Benchmark v3.0.0. AWS In questo esempio, i risultati del controllo consolidato sono disabilitati.
```
{
"SchemaVersion": "2018-10-08",
"Id": "arn:aws:securityhub:us-east-1:123456789012:subscription/cis-aws-foundations-benchmark/v/3.0.0/2.2.1/finding/38a89798-6819-4fae-861f-9cca8034602c",
"ProductArn": "arn:aws:securityhub:us-east-1::product/aws/securityhub",
"ProductName": "Security Hub CSPM",
"CompanyName": "AWS",
"Region": "us-east-1",
"GeneratorId": "cis-aws-foundations-benchmark/v/3.0.0/2.2.1",
"AwsAccountId": "123456789012",
"Types": [
"Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
],
"FirstObservedAt": "2024-04-18T07:46:18.193Z",
"LastObservedAt": "2024-04-23T07:47:01.137Z",
"CreatedAt": "2024-04-18T07:46:18.193Z",
"UpdatedAt": "2024-04-23T07:46:46.165Z",
"Severity": {
"Product": 40,
"Label": "MEDIUM",
"Normalized": 40,
"Original": "MEDIUM"
},
"Title": "2.2.1 EBS default encryption should be enabled",
"Description": "Elastic Compute Cloud (EC2) supports encryption at rest when using the Elastic Block Store (EBS) service. While disabled by default, forcing encryption at EBS volume creation is supported.",
"Remediation": {
"Recommendation": {
"Text": "For information on how to correct this issue, consult the AWS Security Hub CSPM controls documentation.",
"Url": "https://docs.aws.amazon.com/console/securityhub/EC2.7/remediation"
}
},
"ProductFields": {
"StandardsArn": "arn:aws:securityhub:::standards/cis-aws-foundations-benchmark/v/3.0.0",
"StandardsSubscriptionArn": "arn:aws:securityhub:us-east-1:123456789012:subscription/cis-aws-foundations-benchmark/v/3.0.0",
"ControlId": "2.2.1",
"RecommendationUrl": "https://docs.aws.amazon.com/console/securityhub/EC2.7/remediation",
"RelatedAWSResources:0/name": "securityhub-ec2-ebs-encryption-by-default-2843ed9e",
"RelatedAWSResources:0/type": "AWS::Config::ConfigRule",
"StandardsControlArn": "arn:aws:securityhub:us-east-1:123456789012:control/cis-aws-foundations-benchmark/v/3.0.0/2.2.1",
"aws/securityhub/ProductName": "Security Hub CSPM",
"aws/securityhub/CompanyName": "AWS",
"aws/securityhub/annotation": "EBS Encryption by default is not enabled.",
"Resources:0/Id": "arn:aws:iam::123456789012:root",
"aws/securityhub/FindingId": "arn:aws:securityhub:us-east-1::product/aws/securityhub/arn:aws:securityhub:us-east-1:123456789012:subscription/cis-aws-foundations-benchmark/v/3.0.0/2.2.1/finding/38a89798-6819-4fae-861f-9cca8034602c"
},
"Resources": [
{
"Type": "AwsAccount",
"Id": "AWS::::Account:123456789012",
"Partition": "aws",
"Region": "us-east-1"
}
],
"Compliance": {
"Status": "FAILED",
"RelatedRequirements": [
"CIS AWS Foundations Benchmark v3.0.0/2.2.1"
],
"SecurityControlId": "EC2.7",
"AssociatedStandards": [
{
"StandardsId": "standards/cis-aws-foundations-benchmark/v/3.0.0"
}
]
},
"WorkflowState": "NEW",
"Workflow": {
"Status": "NEW"
},
"RecordState": "ACTIVE",
"FindingProviderFields": {
"Severity": {
"Label": "MEDIUM",
"Original": "MEDIUM"
},
"Types": [
"Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
]
},
"ProcessedAt": "2024-04-23T07:47:07.088Z"
}
```
## Risultati di esempio per CIS AWS Foundations Benchmark v1.4.0
L'esempio seguente fornisce un esempio di risultato di un controllo che si applica a AWS CIS Foundations Benchmark v1.4.0. In questo esempio, i risultati del controllo consolidato sono disabilitati.
```
{
"SchemaVersion": "2018-10-08",
"Id": "arn:aws:securityhub:us-east-1:123456789012:subscription/cis-aws-foundations-benchmark/v/1.4.0/3.7/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"ProductArn": "arn:aws:securityhub:us-east-1::product/aws/securityhub",
"ProductName": "Security Hub CSPM",
"CompanyName": "AWS",
"Region": "us-east-1",
"GeneratorId": "cis-aws-foundations-benchmark/v/1.4.0/3.7",
"AwsAccountId": "123456789012",
"Types": [
"Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
],
"FirstObservedAt": "2022-10-21T22:14:48.913Z",
"LastObservedAt": "2022-12-22T22:24:56.980Z",
"CreatedAt": "2022-10-21T22:14:48.913Z",
"UpdatedAt": "2022-12-22T22:24:52.409Z",
"Severity": {
"Product": 40,
"Label": "MEDIUM",
"Normalized": 40,
"Original": "MEDIUM"
},
"Title": "3.7 Ensure CloudTrail logs are encrypted at rest using KMS CMKs",
"Description": "AWS CloudTrail is a web service that records AWS API calls for an account and makes those logs available to users and resources in accordance with IAM policies. AWS Key Management Service (KMS) is a managed service that helps create and control the encryption keys used to encrypt account data, and uses Hardware Security Modules (HSMs) to protect the security of encryption keys. CloudTrail logs can be configured to leverage server side encryption (SSE) and AWS KMS customer created master keys (CMK) to further protect CloudTrail logs. It is recommended that CloudTrail be configured to use SSE-KMS.",
"Remediation": {
"Recommendation": {
"Text": "For directions on how to correct this issue, consult the AWS Security Hub CSPM controls documentation.",
"Url": "https://docs.aws.amazon.com/console/securityhub/CloudTrail.2/remediation"
}
},
"ProductFields": {
"StandardsArn": "arn:aws:securityhub:::standards/cis-aws-foundations-benchmark/v/1.4.0",
"StandardsSubscriptionArn": "arn:aws:securityhub:us-east-1:123456789012:subscription/cis-aws-foundations-benchmark/v/1.4.0",
"ControlId": "3.7",
"RecommendationUrl": "https://docs.aws.amazon.com/console/securityhub/CloudTrail.2/remediation",
"RelatedAWSResources:0/name": "securityhub-cloud-trail-encryption-enabled-855f82d1",
"RelatedAWSResources:0/type": "AWS::Config::ConfigRule",
"StandardsControlArn": "arn:aws:securityhub:us-east-1:123456789012:control/cis-aws-foundations-benchmark/v/1.4.0/3.7",
"aws/securityhub/ProductName": "Security Hub CSPM",
"aws/securityhub/CompanyName": "AWS",
"Resources:0/Id": "arn:aws:cloudtrail:us-west-2:123456789012:trail/AWS MacieTrail-DO-NOT-EDIT",
"aws/securityhub/FindingId": "arn:aws:securityhub:us-east-1::product/aws/securityhub/arn:aws:securityhub:us-east-1:123456789012:subscription/cis-aws-foundations-benchmark/v/1.4.0/3.7/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
},
"Resources": [
{
"Type": "AwsCloudTrailTrail",
"Id": "arn:aws:cloudtrail:us-west-2:123456789012:trail/AWS MacieTrail-DO-NOT-EDIT",
"Partition": "aws",
"Region": "us-east-1"
}
],
"Compliance": {
"Status": "FAILED",
"RelatedRequirements": [
"CIS AWS Foundations Benchmark v1.4.0/3.7"
],
"SecurityControlId": "CloudTrail.2",
"AssociatedStandards": [{
"StandardsId": "standards/cis-aws-foundations-benchmark/v/1.4.0"
}]
},
"WorkflowState": "NEW",
"Workflow": {
"Status": "NEW"
},
"RecordState": "ACTIVE",
"FindingProviderFields": {
"Severity": {
"Label": "MEDIUM",
"Original": "MEDIUM"
},
"Types": [
"Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
]
}
}
```
## Risultati di esempio per CIS AWS Foundations Benchmark v1.2.0
L'esempio seguente fornisce un esempio di risultato relativo a un controllo che si applica a AWS CIS Foundations Benchmark v1.2.0. In questo esempio, i risultati del controllo consolidato sono disabilitati.
```
{
"SchemaVersion": "2018-10-08",
"Id": "arn:aws:securityhub:us-east-2:123456789012:subscription/cis-aws-foundations-benchmark/v/1.2.0/2.7/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"ProductArn": "arn:aws:securityhub:us-east-2::product/aws/securityhub",
"ProductName": "Security Hub CSPM",
"CompanyName": "AWS",
"Region": "us-east-2",
"GeneratorId": "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.7",
"AwsAccountId": "123456789012",
"Types": [
"Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
],
"FirstObservedAt": "2020-08-29T04:10:06.337Z",
"LastObservedAt": "2021-09-28T16:10:05.350Z",
"CreatedAt": "2020-08-29T04:10:06.337Z",
"UpdatedAt": "2021-09-28T16:10:00.087Z",
"Severity": {
"Product": 40,
"Label": "MEDIUM",
"Normalized": 40,
"Original": "MEDIUM"
},
"Title": "2.7 Ensure CloudTrail logs are encrypted at rest using KMS CMKs",
"Description": "AWS Key Management Service (KMS) is a managed service that helps create and control the encryption keys used to encrypt account data, and uses Hardware Security Modules (HSMs) to protect the security of encryption keys. CloudTrail logs can be configured to leverage server side encryption (SSE) and KMS customer created master keys (CMK) to further protect CloudTrail logs. It is recommended that CloudTrail be configured to use SSE-KMS.",
"Remediation": {
"Recommendation": {
"Text": "For directions on how to correct this issue, consult the AWS Security Hub CSPM controls documentation.",
"Url": "https://docs.aws.amazon.com/console/securityhub/CloudTrail.2/remediation"
}
},
"ProductFields": {
"StandardsGuideArn": "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
"StandardsGuideSubscriptionArn": "arn:aws:securityhub:us-east-2:123456789012:subscription/cis-aws-foundations-benchmark/v/1.2.0",
"RuleId": "2.7",
"RecommendationUrl": "https://docs.aws.amazon.com/console/securityhub/CloudTrail.2/remediation",
"Related AWS Resources:0/name": "securityhub-cloud-trail-encryption-enabled-fe95bf3f",
"Related AWS Resources:0/type": "AWS::Config::ConfigRule",
"StandardsControlArn": "arn:aws:securityhub:us-east-2:123456789012:control/cis-aws-foundations-benchmark/v/1.2.0/2.7",
"aws/securityhub/ProductName": "Security Hub CSPM",
"aws/securityhub/CompanyName": "AWS",
"Resources:0/Id": "arn:aws:cloudtrail:us-east-2:123456789012:trail/AWS MacieTrail-DO-NOT-EDIT",
"aws/securityhub/FindingId": "arn:aws:securityhub:us-east-2::product/aws/securityhub/arn:aws:securityhub:us-east-2:123456789012:subscription/cis-aws-foundations-benchmark/v/1.2.0/2.7/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
},
"Resources": [
{
"Type": "AwsCloudTrailTrail",
"Id": "arn:aws:cloudtrail:us-east-2:123456789012:trail/AWS MacieTrail-DO-NOT-EDIT",
"Partition": "aws",
"Region": "us-east-2"
}
],
"Compliance": {
"Status": "FAILED",
"SecurityControlId": "CloudTrail.2",
"AssociatedStandards": [{
"StandardsId": "ruleset/cis-aws-foundations-benchmark/v/1.2.0"
}]
},
"WorkflowState": "NEW",
"Workflow": {
"Status": "NEW"
},
"RecordState": "ACTIVE",
"FindingProviderFields": {
"Severity": {
"Label": "MEDIUM",
"Original": "MEDIUM"
},
"Types": [
"Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
]
}
}
```
## Risultati di esempio per lo standard NIST SP 800-53 Revisione 5
L'esempio seguente fornisce un esempio di risultato relativo a un controllo che si applica allo standard NIST SP 800-53 Revisione 5. In questo esempio, i risultati del controllo consolidato sono disabilitati.
```
{
"SchemaVersion": "2018-10-08",
"Id": "arn:aws:securityhub:us-east-1:123456789012:subscription/nist-800-53/v/5.0.0/CloudTrail.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"ProductArn": "arn:aws:securityhub:us-east-1::product/aws/securityhub",
"ProductName": "Security Hub CSPM",
"CompanyName": "AWS",
"Region": "us-east-1",
"GeneratorId": "nist-800-53/v/5.0.0/CloudTrail.2",
"AwsAccountId": "123456789012",
"Types": [
"Software and Configuration Checks/Industry and Regulatory Standards"
],
"FirstObservedAt": "2023-02-17T14:22:46.726Z",
"LastObservedAt": "2023-02-17T14:22:50.846Z",
"CreatedAt": "2023-02-17T14:22:46.726Z",
"UpdatedAt": "2023-02-17T14:22:46.726Z",
"Severity": {
"Product": 40,
"Label": "MEDIUM",
"Normalized": 40,
"Original": "MEDIUM"
},
"Title": "CloudTrail.2 CloudTrail should have encryption at-rest enabled",
"Description": "This AWS control checks whether AWS CloudTrail is configured to use the server side encryption (SSE) AWS Key Management Service (AWS KMS) customer master key (CMK) encryption. The check will pass if the KmsKeyId is defined.",
"Remediation": {
"Recommendation": {
"Text": "For directions on how to fix this issue, consult the AWS Security Hub CSPM NIST 800-53 R5 documentation.",
"Url": "https://docs.aws.amazon.com/console/securityhub/CloudTrail.2/remediation"
}
},
"ProductFields": {
"StandardsArn": "arn:aws:securityhub:::standards/nist-800-53/v/5.0.0",
"StandardsSubscriptionArn": "arn:aws:securityhub:us-east-1:123456789012:subscription/nist-800-53/v/5.0.0",
"ControlId": "CloudTrail.2",
"RecommendationUrl": "https://docs.aws.amazon.com/console/securityhub/CloudTrail.9/remediation",
"RelatedAWSResources:0/name": "securityhub-cloud-trail-encryption-enabled-fe95bf3f",
"RelatedAWSResources:0/type": "AWS::Config::ConfigRule",
"StandardsControlArn": "arn:aws:securityhub:us-east-2:123456789012:control/aws-foundational-security-best-practices/v/1.0.0/CloudTrail.2",
"aws/securityhub/ProductName": "Security Hub CSPM",
"aws/securityhub/CompanyName": "AWS",
"Resources:0/Id": "arn:aws:cloudtrail:us-west-2:123456789012:trail/AWS MacieTrail-DO-NOT-EDIT",
"aws/securityhub/FindingId": "arn:aws:securityhub:us-east-1::product/aws/securityhub/arn:aws:securityhub:us-east-1:123456789012:subscription/nist-800-53/v/5.0.0/CloudTrail.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
},
"Resources": [
{
"Type": "AwsCloudTrailTrail",
"Id": "arn:aws:cloudtrail:us-east-1:123456789012:trail/AWS MacieTrail-DO-NOT-EDIT",
"Partition": "aws",
"Region": "us-east-1"
}
],
"Compliance": {
"Status": "FAILED",
"RelatedRequirements": [
"NIST.800-53.r5 AU-9",
"NIST.800-53.r5 CA-9(1)",
"NIST.800-53.r5 CM-3(6)",
"NIST.800-53.r5 SC-13",
"NIST.800-53.r5 SC-28",
"NIST.800-53.r5 SC-28(1)",
"NIST.800-53.r5 SC-7(10)",
"NIST.800-53.r5 SI-7(6)"
],
"SecurityControlId": "CloudTrail.2",
"AssociatedStandards": [
{
"StandardsId": "standards/nist-800-53/v/5.0.0"
}
]
},
"WorkflowState": "NEW",
"Workflow": {
"Status": "NEW"
},
"RecordState": "ACTIVE",
"FindingProviderFields": {
"Severity": {
"Label": "MEDIUM",
"Original": "MEDIUM"
},
"Types": [
"Software and Configuration Checks/Industry and Regulatory Standards"
]
},
"ProcessedAt": "2023-02-17T14:22:53.572Z"
}
```
## Esempio di risultato per lo standard NIST SP 800-171 Revisione 2
L'esempio seguente fornisce un esempio di risultato relativo a un controllo che si applica allo standard NIST SP 800-171 Revisione 2. In questo esempio, i risultati del controllo consolidato sono disabilitati.
```
{
"SchemaVersion": "2018-10-08",
"Id": "arn:aws:securityhub:us-east-1:123456789012:subscription/nist-800-171/v/2.0.0/CloudTrail.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"ProductArn": "arn:aws:securityhub:us-east-1::product/aws/securityhub",
"ProductName": "Security Hub",
"CompanyName": "AWS",
"Region": "us-east-1",
"GeneratorId": "nist-800-171/v/2.0.0/CloudTrail.2",
"AwsAccountId": "123456789012",
"AwsAccountName": "TestAcct",
"Types": [
"Software and Configuration Checks/Industry and Regulatory Standards"
],
"FirstObservedAt": "2025-05-29T05:23:58.690Z",
"LastObservedAt": "2025-05-30T05:50:11.898Z",
"CreatedAt": "2025-05-29T05:24:24.772Z",
"UpdatedAt": "2025-05-30T05:50:34.292Z",
"Severity": {
"Product": 40,
"Label": "MEDIUM",
"Normalized": 40,
"Original": "MEDIUM"
},
"Title": "CloudTrail.2 CloudTrail should have encryption at-rest enabled",
"Description": "This AWS control checks whether AWS CloudTrail is configured to use the server side encryption (SSE) AWS Key Management Service (AWS KMS) customer master key (CMK) encryption. The check will pass if the KmsKeyId is defined.",
"Remediation": {
"Recommendation": {
"Text": "For information on how to correct this issue, consult the AWS Security Hub CSPM controls documentation.",
"Url": "https://docs.aws.amazon.com/console/securityhub/CloudTrail.2/remediation"
}
},
"ProductFields": {
"StandardsArn": "arn:aws:securityhub:::standards/nist-800-171/v/2.0.0",
"StandardsSubscriptionArn": "arn:aws:securityhub:us-east-1:123456789012:subscription/nist-800-171/v/2.0.0",
"ControlId": "CloudTrail.2",
"RecommendationUrl": "https://docs.aws.amazon.com/console/securityhub/CloudTrail.2/remediation",
"RelatedAWSResources:0/name": "securityhub-cloud-trail-encryption-enabled-0ab1c2d4",
"RelatedAWSResources:0/type": "AWS::Config::ConfigRule",
"StandardsControlArn": "arn:aws:securityhub:us-east-1:123456789012:control/nist-800-171/v/2.0.0/CloudTrail.2",
"aws/securityhub/ProductName": "Security Hub",
"aws/securityhub/CompanyName": "AWS",
"Resources:0/Id": "arn:aws:cloudtrail:ca-central-1:123456789012:trail/aws-BaselineCloudTrail",
"aws/securityhub/FindingId": "arn:aws:securityhub:us-east-1::product/aws/securityhub/arn:aws:securityhub:us-east-1:123456789012:subscription/nist-800-171/v/2.0.0/CloudTrail.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
},
"Resources": [
{
"Id": "arn:aws:cloudtrail:ca-central-1:123456789012:trail/aws-BaselineCloudTrail",
"Partition": "aws",
"Region": "us-east-1",
"Type": "AwsCloudTrailTrail"
}
],
"Compliance": {
"Status": "FAILED",
"SecurityControlId": "CloudTrail.2",
"RelatedRequirements": [
"NIST.800-171.r2/3.3.8"
],
"AssociatedStandards": [
{
"StandardsId": "standards/nist-800-171/v/2.0.0"
}
]
},
"Workflow": {
"Status": "NEW"
},
"WorkflowState": "NEW",
"RecordState": "ACTIVE",
"FindingProviderFields": {
"Types": [
"Software and Configuration Checks/Industry and Regulatory Standards"
],
"Severity": {
"Product": 40,
"Label": "MEDIUM",
"Normalized": 40,
"Original": "MEDIUM"
}
},
"ProcessedAt": "2025-05-30T05:50:40.297Z"
}
```
## Esempio di risultato relativo allo standard di sicurezza dei dati del settore delle carte di pagamento v3.2.1
L'esempio seguente fornisce un esempio di risultato relativo a un controllo che si applica al Payment Card Industry Data Security Standard (PCI DSS) v3.2.1. In questo esempio, i risultati del controllo consolidato sono disabilitati.
```
{
"SchemaVersion": "2018-10-08",
"Id": "arn:aws:securityhub:us-east-2:123456789012:subscription/pci-dss/v/3.2.1/PCI.CloudTrail.1/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"ProductArn": "arn:aws:securityhub:us-east-2::product/aws/securityhub",
"ProductName": "Security Hub CSPM",
"CompanyName": "AWS",
"Region": "us-east-2",
"GeneratorId": "pci-dss/v/3.2.1/PCI.CloudTrail.1",
"AwsAccountId": "123456789012",
"Types": [
"Software and Configuration Checks/Industry and Regulatory Standards/PCI-DSS"
],
"FirstObservedAt": "2020-08-06T02:18:23.089Z",
"LastObservedAt": "2021-09-28T16:10:06.942Z",
"CreatedAt": "2020-08-06T02:18:23.089Z",
"UpdatedAt": "2021-09-28T16:10:00.090Z",
"Severity": {
"Product": 40,
"Label": "MEDIUM",
"Normalized": 40,
"Original": "MEDIUM"
},
"Title": "PCI.CloudTrail.1 CloudTrail logs should be encrypted at rest using AWS KMS CMKs",
"Description": "This AWS control checks whether AWS CloudTrail is configured to use the server side encryption (SSE) AWS Key Management Service (AWS KMS) customer master key (CMK) encryption by checking if the KmsKeyId is defined.",
"Remediation": {
"Recommendation": {
"Text": "For directions on how to correct this issue, consult the AWS Security Hub CSPM controls documentation.",
"Url": "https://docs.aws.amazon.com/console/securityhub/CloudTrail.2/remediation"
}
},
"ProductFields": {
"StandardsArn": "arn:aws:securityhub:::standards/pci-dss/v/3.2.1",
"StandardsSubscriptionArn": "arn:aws:securityhub:us-east-2:123456789012:subscription/pci-dss/v/3.2.1",
"ControlId": "PCI.CloudTrail.1",
"RecommendationUrl": "https://docs.aws.amazon.com/console/securityhub/CloudTrail.2/remediation",
"Related AWS Resources:0/name": "securityhub-cloud-trail-encryption-enabled-fe95bf3f",
"Related AWS Resources:0/type": "AWS::Config::ConfigRule",
"StandardsControlArn": "arn:aws:securityhub:us-east-2:123456789012:control/pci-dss/v/3.2.1/PCI.CloudTrail.1",
"aws/securityhub/ProductName": "Security Hub CSPM",
"aws/securityhub/CompanyName": "AWS",
"Resources:0/Id": "arn:aws:cloudtrail:us-east-2:123456789012:trail/AWS MacieTrail-DO-NOT-EDIT",
"aws/securityhub/FindingId": "arn:aws:securityhub:us-east-2::product/aws/securityhub/arn:aws:securityhub:us-east-2:123456789012:subscription/pci-dss/v/3.2.1/PCI.CloudTrail.1/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
},
"Resources": [
{
"Type": "AwsCloudTrailTrail",
"Id": "arn:aws:cloudtrail:us-east-2:123456789012:trail/AWS MacieTrail-DO-NOT-EDIT",
"Partition": "aws",
"Region": "us-east-2"
}
],
"Compliance": {
"Status": "FAILED",
"RelatedRequirements": [
"PCI DSS 3.4"
],
"SecurityControlId": "CloudTrail.2",
"AssociatedStandards": [{
"StandardsId": "standards/pci-dss/v/3.2.1"
}]
},
"WorkflowState": "NEW",
"Workflow": {
"Status": "NEW"
},
"RecordState": "ACTIVE",
"FindingProviderFields": {
"Severity": {
"Label": "MEDIUM",
"Original": "MEDIUM"
},
"Types": [
"Software and Configuration Checks/Industry and Regulatory Standards/PCI-DSS"
]
}
}
```
## Esempio di risultato per lo standard AWS Resource Tagging
L'esempio seguente fornisce un esempio di ricerca di un controllo che si applica allo standard AWS Resource Tagging. In questo esempio, i risultati del controllo consolidato sono disabilitati.
```
{
"SchemaVersion": "2018-10-08",
"Id": "arn:aws:securityhub:eu-central-1:123456789012:security-control/EC2.44/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"ProductArn": "arn:aws:securityhub:eu-central-1::product/aws/securityhub",
"ProductName": "Security Hub CSPM",
"CompanyName": "AWS",
"Region": "eu-central-1",
"GeneratorId": "security-control/EC2.44",
"AwsAccountId": "123456789012",
"Types": [
"Software and Configuration Checks/Industry and Regulatory Standards"
],
"FirstObservedAt": "2024-02-19T21:00:32.206Z",
"LastObservedAt": "2024-04-29T13:01:57.861Z",
"CreatedAt": "2024-02-19T21:00:32.206Z",
"UpdatedAt": "2024-04-29T13:01:41.242Z",
"Severity": {
"Label": "LOW",
"Normalized": 1,
"Original": "LOW"
},
"Title": "EC2 subnets should be tagged",
"Description": "This control checks whether an Amazon EC2 subnet has tags with the specific keys defined in the parameter requiredTagKeys. The control fails if the subnet doesn't have any tag keys or if it doesn't have all the keys specified in the parameter requiredTagKeys. If the parameter requiredTagKeys isn't provided, the control only checks for the existence of a tag key and fails if the subnet isn't tagged with any key. System tags, which are automatically applied and begin with aws:, are ignored.",
"Remediation": {
"Recommendation": {
"Text": "For information on how to correct this issue, consult the AWS Security Hub CSPM controls documentation.",
"Url": "https://docs.aws.amazon.com/console/securityhub/EC2.44/remediation"
}
},
"ProductFields": {
"RelatedAWSResources:0/name": "securityhub-tagged-ec2-subnet-6ceafede",
"RelatedAWSResources:0/type": "AWS::Config::ConfigRule",
"aws/securityhub/ProductName": "Security Hub CSPM",
"aws/securityhub/CompanyName": "AWS",
"aws/securityhub/annotation": "No tags are present.",
"Resources:0/Id": "arn:aws:ec2:eu-central-1:123456789012:subnet/subnet-1234567890abcdef0",
"aws/securityhub/FindingId": "arn:aws:securityhub:eu-central-1::product/aws/securityhub/arn:aws:securityhub:eu-central-1:123456789012:security-control/EC2.44/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
},
"Resources": [
{
"Type": "AwsEc2Subnet",
"Id": "arn:aws:ec2:eu-central-1:123456789012:subnet/subnet-1234567890abcdef0",
"Partition": "aws",
"Region": "eu-central-1",
"Details": {
"AwsEc2Subnet": {
"AssignIpv6AddressOnCreation": false,
"AvailabilityZone": "eu-central-1b",
"AvailabilityZoneId": "euc1-az3",
"AvailableIpAddressCount": 4091,
"CidrBlock": "10.24.34.0/23",
"DefaultForAz": true,
"MapPublicIpOnLaunch": true,
"OwnerId": "123456789012",
"State": "available",
"SubnetArn": "arn:aws:ec2:eu-central-1:123456789012:subnet/subnet-1234567890abcdef0",
"SubnetId": "subnet-1234567890abcdef0",
"VpcId": "vpc-021345abcdef6789"
}
}
}
],
"Compliance": {
"Status": "FAILED",
"SecurityControlId": "EC2.44",
"AssociatedStandards": [
{
"StandardsId": "standards/aws-resource-tagging-standard/v/1.0.0"
}
],
"SecurityControlParameters": [
{
"Name": "requiredTagKeys",
"Value": [
"peepoo"
]
}
],
},
"WorkflowState": "NEW",
"Workflow": {
"Status": "NEW"
},
"RecordState": "ACTIVE",
"FindingProviderFields": {
"Severity": {
"Label": "LOW",
"Original": "LOW"
},
"Types": [
"Software and Configuration Checks/Industry and Regulatory Standards"
]
},
"ProcessedAt": "2024-04-29T13:02:03.259Z"
}
```
## Esempio di risultato per lo standard gestito dai AWS Control Tower servizi
L'esempio seguente fornisce un esempio di risultato relativo a un controllo che si applica allo standard gestito dai AWS Control Tower servizi. In questo esempio, i risultati del controllo consolidato sono disabilitati.
```
{
"SchemaVersion": "2018-10-08",
"Id": "arn:aws:securityhub:us-east-1:123456789012:subscription/service-managed-aws-control-tower/v/1.0.0/CloudTrail.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"ProductArn": "arn:aws:securityhub:us-east-1::product/aws/securityhub",
"ProductName": "Security Hub CSPM",
"CompanyName": "AWS",
"Region": "us-east-1",
"GeneratorId": "service-managed-aws-control-tower/v/1.0.0/CloudTrail.2",
"AwsAccountId": "123456789012",
"Types": [
"Software and Configuration Checks/Industry and Regulatory Standards"
],
"FirstObservedAt": "2022-11-17T01:25:30.296Z",
"LastObservedAt": "2022-11-17T01:25:45.805Z",
"CreatedAt": "2022-11-17T01:25:30.296Z",
"UpdatedAt": "2022-11-17T01:25:30.296Z",
"Severity": {
"Product": 40,
"Label": "MEDIUM",
"Normalized": 40,
"Original": "MEDIUM"
},
"Title": "CT.CloudTrail.2 CloudTrail should have encryption at-rest enabled",
"Description": "This AWS control checks whether AWS CloudTrail is configured to use the server side encryption (SSE) AWS Key Management Service (AWS KMS) customer master key (CMK) encryption. The check will pass if the KmsKeyId is defined.",
"Remediation": {
"Recommendation": {
"Text": "For information on how to correct this issue, consult the AWS Security Hub CSPM controls documentation.",
"Url": "https://docs.aws.amazon.com/console/securityhub/CloudTrail.2/remediation"
}
},
"ProductFields": {
"StandardsArn": "arn:aws:securityhub:::standards/service-managed-aws-control-tower/v/1.0.0",
"StandardsSubscriptionArn": "arn:aws:securityhub:us-east-1:123456789012:subscription/service-managed-aws-control-tower/v/1.0.0",
"ControlId": "CT.CloudTrail.2",
"RecommendationUrl": "https://docs.aws.amazon.com/console/securityhub/CloudTrail.2/remediation",
"RelatedAWSResources:0/name": "securityhub-cloud-trail-encryption-enabled-fe95bf3f",
"RelatedAWSResources:0/type": "AWS::Config::ConfigRule",
"StandardsControlArn": "arn:aws:securityhub:us-east-1:123456789012:control/service-managed-aws-control-tower/v/1.0.0/CloudTrail.2",
"aws/securityhub/ProductName": "Security Hub CSPM",
"aws/securityhub/CompanyName": "AWS",
"Resources:0/Id": "arn:aws:cloudtrail:us-east-2:123456789012:trail/AWSMacieTrail-DO-NOT-EDIT",
"aws/securityhub/FindingId": "arn:aws:securityhub:us-east-1::product/aws/securityhub/arn:aws:securityhub:us-east-1:123456789012:subscription/service-managed-aws-control-tower/v/1.0.0/CloudTrail.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
},
"Resources": [
{
"Type": "AwsAccount",
"Id": "AWS::::Account:123456789012",
"Partition": "aws",
"Region": "us-east-1"
}
],
"Compliance": {
"Status": "FAILED",
"SecurityControlId": "CloudTrail.2",
"AssociatedStandards": [{
"StandardsId": "standards/service-managed-aws-control-tower/v/1.0.0"
}]
},
"WorkflowState": "NEW",
"Workflow": {
"Status": "NEW"
},
"RecordState": "ACTIVE",
"FindingProviderFields": {
"Severity": {
"Label": "MEDIUM",
"Original": "MEDIUM"
},
"Types": [
"Software and Configuration Checks/Industry and Regulatory Standards"
]
}
}
```
## Esempio di risultato consolidato per più standard
L'esempio seguente fornisce un esempio di risultato relativo a un controllo che si applica a più standard abilitati. In questo esempio, i risultati del controllo consolidato sono abilitati.
```
{
"SchemaVersion": "2018-10-08",
"Id": "arn:aws:securityhub:us-east-1:123456789012:security-control/CloudTrail.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"ProductArn": "arn:aws:securityhub:us-east-1::product/aws/securityhub",
"ProductName": "Security Hub",
"CompanyName": "AWS",
"Region": "us-east-1",
"GeneratorId": "security-control/CloudTrail.2",
"AwsAccountId": "123456789012",
"Types": [
"Software and Configuration Checks/Industry and Regulatory Standards"
],
"FirstObservedAt": "2024-08-09T14:57:04.521Z",
"LastObservedAt": "2025-05-30T03:30:17.407Z",
"CreatedAt": "2024-08-09T14:57:04.521Z",
"UpdatedAt": "2025-05-30T03:30:32.781Z",
"Severity": {
"Label": "MEDIUM",
"Normalized": 40,
"Original": "MEDIUM"
},
"Title": "CloudTrail should have encryption at-rest enabled",
"Description": "This AWS control checks whether AWS CloudTrail is configured to use the server side encryption (SSE) AWS Key Management Service (AWS KMS) customer master key (CMK) encryption. The check will pass if the KmsKeyId is defined.",
"Remediation": {
"Recommendation": {
"Text": "For information on how to correct this issue, consult the AWS Security Hub CSPM controls documentation.",
"Url": "https://docs.aws.amazon.com/console/securityhub/CloudTrail.2/remediation"
}
},
"ProductFields": {
"RelatedAWSResources:0/name": "securityhub-cloud-trail-encryption-enabled-01a2b345",
"RelatedAWSResources:0/type": "AWS::Config::ConfigRule",
"aws/securityhub/ProductName": "Security Hub",
"aws/securityhub/CompanyName": "AWS",
"Resources:0/Id": "arn:aws:cloudtrail:us-east-1:123456789012:trail/TestTrail-DO-NOT-DELETE",
"aws/securityhub/FindingId": "arn:aws:securityhub:us-east-1::product/aws/securityhub/arn:aws:securityhub:us-east-1:123456789012:security-control/CloudTrail.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
},
"Resources": [
{
"Type": "AwsCloudTrailTrail",
"Id": "arn:aws:cloudtrail:us-east-1:123456789012:trail/TestTrail-DO-NOT-DELETE",
"Partition": "aws",
"Region": "us-east-1",
"Details": {
"AwsCloudTrailTrail": {
"HasCustomEventSelectors": false,
"IncludeGlobalServiceEvents": true,
"LogFileValidationEnabled": true,
"HomeRegion": "us-east-1",
"IsMultiRegionTrail": true,
"S3BucketName": "cloudtrail-awslogs-do-not-delete",
"IsOrganizationTrail": false,
"Name": "TestTrail-DO-NOT-DELETE"
}
}
}
],
"Compliance": {
"Status": "FAILED",
"SecurityControlId": "CloudTrail.2",
"RelatedRequirements": [
"CIS AWS Foundations Benchmark v1.2.0/2.7",
"CIS AWS Foundations Benchmark v1.4.0/3.7",
"CIS AWS Foundations Benchmark v3.0.0/3.5",
"NIST.800-171.r2/3.3.8",
"PCI DSS v3.2.1/3.4",
"PCI DSS v4.0.1/10.3.2"
],
"AssociatedStandards": [
{ "StandardsId": "ruleset/cis-aws-foundations-benchmark/v/1.2.0"},
{ "StandardsId": "standards/aws-foundational-security-best-practices/v/1.0.0"},
{ "StandardsId": "standards/cis-aws-foundations-benchmark/v/1.4.0"},
{ "StandardsId": "standards/cis-aws-foundations-benchmark/v/3.0.0"},
{ "StandardsId": "standards/nist-800-171/v/2.0.0"},
{ "StandardsId": "standards/pci-dss/v/3.2.1"},
{ "StandardsId": "standards/pci-dss/v/4.0.1"}
]
},
"Workflow": {
"Status": "NEW"
},
"WorkflowState": "NEW",
"RecordState": "ACTIVE",
"FindingProviderFields": {
"Types": [
"Software and Configuration Checks/Industry and Regulatory Standards"
],
"Severity": {
"Normalized": 40,
"Label": "MEDIUM",
"Original": "MEDIUM"
}
},
"ProcessedAt": "2025-05-30T03:31:00.831Z"
}
```