From 84c0c91ed04f1c09bac92d43837be78e597a9ea9 Mon Sep 17 00:00:00 2001
From: Das
Date: Wed, 31 Mar 2021 10:40:09 -0400
Subject: [PATCH] added code for securityhub scp

---
 guardrails/securityhub/SCP-SECHUB-1.json | 35 ++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 guardrails/securityhub/SCP-SECHUB-1.json

diff --git a/guardrails/securityhub/SCP-SECHUB-1.json b/guardrails/securityhub/SCP-SECHUB-1.json
new file mode 100644
index 0000000..8ca5a50
--- /dev/null
+++ b/guardrails/securityhub/SCP-SECHUB-1.json
@@ -0,0 +1,35 @@
+{
+ "Identifier": "SCP-SECHUB-1",
+ "Guardrail": "Prevent leaving centralization of SecurityHub accounts",
+ "Rationale": [
+ "When SecurityHub is enabled and consolidated within for the AWS Organization, the member accounts should not leave the organization"
+ ],
+ "Test Scenarios": [
+ {
+ "Test-Scenario": "Disable Security Hub from member account",
+ "Steps": [
+ "Log in to the AWS console with a role that has access to SecurityHub in member account",
+ "Goto Settings>General , scroll to the bottom of the page and click Disable AWS Security Hub"
+ ],
+ "Expected-Result": "Access Denied"
+ },
+ {
+ "Test-Scenario": "Dissociate Security Hub from SecurityHub administrator account",
+ "Steps": [
+ "Log in to the AWS console with a role that has access to SecurityHub in member account",
+ "Goto Settings>Accounts , toggle the radio button to dissociate from Security Hub administrator account"
+ ],
+ "Expected-Result": "Access Denied"
+ }
+ ],
+ "References": [
+ "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-disable.html",
+ "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-data-retention.html",
+ "https://docs.aws.amazon.com/securityhub/latest/userguide/accounts-orgs-disassociate.html"
+ ],
+ "Policy-Type": "SCP",
+ "SCP-Type": "Prevent-All",
+ "IAM Actions": ["securityhub:DisableSecurityHub",
+ "securityhub:DissociatefromMasterAccount" ],
+ "Resource": ["*"]
+}
\ No newline at end of file
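Review bot: The second entry in `IAM Actions`, `securityhub:DissociatefromMasterAccount`, is not a real action name — the Security Hub API operation is `DisassociateFromMasterAccount` (with `DisassociateFromAdministratorAccount` as its current equivalent), so a Deny statement generated from this file would match nothing and the second test scenario would not produce the expected Access Denied. Change the line to `"securityhub:DisassociateFromMasterAccount",` and add `"securityhub:DisassociateFromAdministratorAccount"` next to it so the guardrail covers both spellings the service accepts; the referenced `accounts-orgs-disassociate.html` page uses the correct "disassociate" form. The same spelling slip appears in the `Test-Scenario` title and step text ("Dissociate"), which is cosmetic but worth aligning with the action name. The file is also committed without a trailing newline, as the `\ No newline at end of file` marker shows.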