Security Hub & standards
Aggregate, normalize, and score against CIS/FSBP.
Turn on enough AWS security services and you drown in findings from GuardDuty, Inspector, Macie, IAM Access Analyzer, and Config — each in its own console, its own format. Security Hub is the aggregation layer that makes that volume actionable.
Aggregate, normalize, score
Security Hub ingests findings from AWS services and partners into one normalized schema (ASFF), deduplicates them, and gives each a severity and a single cross-account view. On top of aggregation it runs standards checks — CIS AWS Foundations, AWS Foundational Security Best Practices, PCI — continuously scoring your posture against known benchmarks and telling you which controls are failing where.
# Designate a delegated admin and enable Security Hub org-wide.aws securityhub enable-organization-admin-account --admin-account-id 333333333333aws securityhub update-organization-configuration --auto-enable# Subscribe to the standards you must evidence:aws securityhub batch-enable-standards --standards-subscription-requests \'[{"StandardsArn":"arn:aws:securityhub:::standards/aws-foundational-security-best-practices/v/1.0.0"}]'
From dashboard to workflow
Aggregation only pays off when findings drive work. Use Security Hub’s finding aggregation region for a global view, custom insights to slice by team or resource, and EventBridge to route high-severity or specific control failures into ticketing and automated remediation. Suppress the known-benign with automation rules so responders see signal, not noise — alert quality is a first-class concern, not an afterthought.