list_standards_control_associations

list_standards_control_associations(**kwargs)

Specifies whether a control is currently enabled or disabled in each enabled standard in the calling account.

See also: AWS API Documentation

Request Syntax

response = client.list_standards_control_associations(
    SecurityControlId='string',
    NextToken='string',
    MaxResults=123
)
Parameters
  • SecurityControlId (string) --

    [REQUIRED]

    The identifier of the control (identified with SecurityControlId , SecurityControlArn , or a mix of both parameters) that you want to determine the enablement status of in each enabled standard.

  • NextToken (string) -- Optional pagination parameter.
  • MaxResults (integer) -- An optional parameter that limits the total results of the API response to the specified number. If this parameter isn't provided in the request, the results include the first 25 standard and control associations. The results also include a NextToken parameter that you can use in a subsequent API call to get the next 25 associations. This repeats until all associations for the specified control are returned. The number of results is limited by the number of supported Security Hub standards that you've enabled in the calling account.
Return type

dict

Returns

Response Syntax

{
    'StandardsControlAssociationSummaries': [
        {
            'StandardsArn': 'string',
            'SecurityControlId': 'string',
            'SecurityControlArn': 'string',
            'AssociationStatus': 'ENABLED'|'DISABLED',
            'RelatedRequirements': [
                'string',
            ],
            'UpdatedAt': datetime(2015, 1, 1),
            'UpdatedReason': 'string',
            'StandardsControlTitle': 'string',
            'StandardsControlDescription': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • StandardsControlAssociationSummaries (list) --

      An array that provides the enablement status and other details for each security control that applies to each enabled standard.

      • (dict) --

        An array that provides the enablement status and other details for each control that applies to each enabled standard.

        • StandardsArn (string) --

          The Amazon Resource Name (ARN) of a standard.

        • SecurityControlId (string) --

          A unique standard-agnostic identifier for a control. Values for this field typically consist of an Amazon Web Service and a number, such as APIGateway.5. This field doesn't reference a specific standard.

        • SecurityControlArn (string) --

          The ARN of a control, such as arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1 . This parameter doesn't mention a specific standard.

        • AssociationStatus (string) --

          The enablement status of a control in a specific standard.

        • RelatedRequirements (list) --

          The requirement that underlies this control in the compliance framework related to the standard.

          • (string) --
        • UpdatedAt (datetime) --

          The last time that a control's enablement status in a specified standard was updated.

        • UpdatedReason (string) --

          The reason for updating the control's enablement status in a specified standard.

        • StandardsControlTitle (string) --

          The title of a control.

        • StandardsControlDescription (string) --

          The description of a control. This typically summarizes how Security Hub evaluates the control and the conditions under which it produces a failed finding. The parameter may reference a specific standard.

    • NextToken (string) --

      A pagination parameter that's included in the response only if it was included in the request.

Exceptions

  • SecurityHub.Client.exceptions.InternalException
  • SecurityHub.Client.exceptions.LimitExceededException
  • SecurityHub.Client.exceptions.InvalidAccessException
  • SecurityHub.Client.exceptions.InvalidInputException