Enabling new controls in enabled standards automatically
AWS Security Hub regularly releases new controls and adds them to one or more standards. You can choose whether to automatically enable new controls in your enabled standards.
We recommend using Security Hub central configuration to automatically enable new security controls. You can create configuration policies that include a list of controls to be disabled across standards. All other controls, including newly released ones, are enabled by default. Alternatively, you can create policies that include a list of controls to be enabled across standards. All other controls, including newly released ones, are disabled by default. For more information, see Understanding central configuration in Security Hub.
Security Hub doesn't enable new controls when they are added to a standard that you haven't enabled.
The following instructions apply only if you don't use central configuration.
Choose your preferred access method, and follow the steps to automatically enable new controls in enabled standards.
Note
When you automatically enable new controls using the following instructions, you can interact with the controls in the console and programmatically immediately after release. However, automatically enabled controls have a temporary default status of Disabled. It can take up to several days for Security Hub to process the control release and designate the control as Enabled in your account. During the processing period, you can manually enable or disable a control, and Security Hub will maintain that designation regardless of whether you have automatic control enablement turned on.
If you don't automatically enable new controls, then you must enable them manually. For instructions, see Enabling controls in Security Hub.
