Compliance - AWS Security Hub
ContentsSee Also

Compliance

This object typically provides details about a control finding, such as applicable standards and the status of control checks. While finding providers can add custom content in Compliance object fields, they are typically used to review details of Security Hub control findings.

Contents

AssociatedStandards

Typically provides an array of enabled security standards in which a security control is currently enabled.

Type: Array of AssociatedStandard objects

Required: No

RelatedRequirements

Typically provides the industry or regulatory framework requirements that are related to a control. The check for that control is aligned with these requirements.

Array Members: Maximum number of 32 items.

Type: Array of strings

Pattern: .*\S.*

Required: No

SecurityControlId

Typically provides the unique identifier of a control across standards. For Security Hub controls, this field consists of an AWS service and a unique number, such as APIGateway.5.

Type: String

Pattern: .*\S.*

Required: No

SecurityControlParameters

Typically an object that includes security control parameter names and values.

Type: Array of SecurityControlParameter objects

Required: No

Status

Typically summarizes the result of a control check.

For Security Hub controls, valid values for Status are as follows.

    • PASSED - Standards check passed for all evaluated resources.

    • WARNING - Some information is missing or this check is not supported for your configuration.

    • FAILED - Standards check failed for at least one evaluated resource.

    • NOT_AVAILABLE - Check could not be performed due to a service outage, API error, or because the result of the AWS Config evaluation was NOT_APPLICABLE. If the AWS Config evaluation result was NOT_APPLICABLE for a Security Hub control, Security Hub automatically archives the finding after 3 days.

Type: String

Valid Values: PASSED | WARNING | FAILED | NOT_AVAILABLE

Required: No

StatusReasons

Typically used to provide a list of reasons for the value of Status.

Type: Array of StatusReason objects

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: