Implementing AWS Security Hub

When to Use

• When establishing a centralized security findings dashboard across multiple AWS accounts
• When enabling automated compliance checks against CIS, PCI-DSS, NIST, or AWS Foundational Security Best Practices
• When integrating findings from GuardDuty, Inspector, Macie, and third-party security tools
• When building automated remediation workflows for recurring security misconfigurations
• When preparing compliance evidence for auditors requiring continuous posture monitoring

Do not use for real-time threat detection (see detecting-cloud-threats-with-guardduty), for Azure compliance monitoring (see securing-azure-with-microsoft-defender), or for deep vulnerability scanning of container images (see securing-container-registry).

Prerequisites

• AWS Organization with a designated security administrator account
• AWS Config enabled in all target accounts and regions
• GuardDuty, Inspector, and Macie activated for finding integration
• IAM permissions for securityhub:* and config:* in the administrator account