Security Score by Standards

Check Evaluation by Each Standard

After some time, Security Hub scores your account against each enabled standard and identifies existing security risks. To list the risks found, open each standard and view its evaluation score:

  1. Log in to the Amazon Management Console. In the search bar, search for the Security Hub CSPM service.


  2. In the left navigation bar, select Security standards to view an overview of evaluation scores for each security assessment standard.

  3. To view detailed evaluation criteria for each standard, select View results (for each standard).

    • Example: Foundational Security Best Practices v1.0.0 standard


  4. If there are criteria you don't want to apply, you can exclude them from evaluation by selecting the criterion in the standard's list.
    • Example: You want to exclude "EC2 instances managed by Systems Manager should have an association compliance status of COMPLIANT" from the PCI DSS v3.2.1 standard. Select View results.


  5. Then select "EC2 instances managed by Systems Manager should have an association compliance status of COMPLIANT".


  • On the criterion details page, select Disable control.


  • Enter the reason for exclusion, "Not aligned to risk threshold", then select Disable.
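
The same exclusion can be scripted so that every disabled control carries a recorded reason. The following is an added example, not part of the original walkthrough: it uses the boto3 Security Hub calls get_enabled_standards, describe_standards_controls and update_standards_control. The helper names, the "pci-dss" match fragment and the stub client with its ARNs are assumptions constructed for illustration.

```python
TITLE = ("EC2 instances managed by Systems Manager should have an "
         "association compliance status of COMPLIANT")
def _pages(call, key, **kwargs):
    # Follow NextToken so items beyond the first page are not missed.
    while True:
        resp = call(**kwargs)
        yield from resp.get(key, [])
        if not resp.get("NextToken"):
            return
        kwargs["NextToken"] = resp["NextToken"]

def _only(items, what):
    if len(items) != 1:  # refuse to guess on zero or several matches
        raise LookupError(f"expected exactly one {what}, found {len(items)}")
    return items[0]

def disable_control(client, standard_fragment, title, reason):
    """Disable the control with this exact title; return its ARN."""
    if not reason.strip():
        raise ValueError("a reason is required when disabling a control")
    sub = _only([s for s in _pages(client.get_enabled_standards, "StandardsSubscriptions")
                 if standard_fragment in s["StandardsArn"]], "enabled standard")
    ctl = _only([c for c in _pages(client.describe_standards_controls, "Controls",
                                   StandardsSubscriptionArn=sub["StandardsSubscriptionArn"])
                 if c["Title"] == title], "control")
    if ctl["ControlStatus"] != "DISABLED":  # already disabled: keep the recorded reason
        client.update_standards_control(StandardsControlArn=ctl["StandardsControlArn"],
                                        ControlStatus="DISABLED", DisabledReason=reason)
    return ctl["StandardsControlArn"]

class StubClient:
    """Constructed stand-in for boto3.client("securityhub"); all ARNs are made up."""
    def __init__(self):
        self.updates = []
    def get_enabled_standards(self, **kw):
        return {"StandardsSubscriptions": [{"StandardsArn": "arn:example:standards/pci-dss",
                                            "StandardsSubscriptionArn": "arn:example:sub/pci-dss"}]}
    def describe_standards_controls(self, **kw):
        if "NextToken" not in kw:  # first page: an unrelated control
            return {"NextToken": "page2", "Controls": [{"Title": "Unrelated control",
                    "ControlStatus": "ENABLED", "StandardsControlArn": "arn:example:control/1"}]}
        return {"Controls": [{"Title": TITLE, "ControlStatus": "ENABLED",
                              "StandardsControlArn": "arn:example:control/2"}]}
    def update_standards_control(self, **kw):
        self.updates.append(kw)

if __name__ == "__main__":
    stub = StubClient()  # for a real account pass boto3.client("securityhub") instead
    print(disable_control(stub, "pci-dss", TITLE, "Not aligned to risk threshold"), stub.updates)
```

Matching on the exact title and requiring exactly one hit keeps the script from disabling a different control than the one reviewed in the console.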
