SecurityHub.Client.
list_security_control_definitions
(**kwargs)¶Lists all of the security controls that apply to a specified standard.
See also: AWS API Documentation
Request Syntax
response = client.list_security_control_definitions(
StandardsArn='string',
NextToken='string',
MaxResults=123
)
NextToken
parameter that you can use in a subsequent API call to get the next 25 controls. This repeats until all controls for the standard are returned.dict
Response Syntax
{
'SecurityControlDefinitions': [
{
'SecurityControlId': 'string',
'Title': 'string',
'Description': 'string',
'RemediationUrl': 'string',
'SeverityRating': 'LOW'|'MEDIUM'|'HIGH'|'CRITICAL',
'CurrentRegionAvailability': 'AVAILABLE'|'UNAVAILABLE'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
SecurityControlDefinitions (list) --
An array of controls that apply to the specified standard.
(dict) --
Provides metadata for a security control, including its unique standard-agnostic identifier, title, description, severity, availability in Amazon Web Services Regions, and a link to remediation steps.
SecurityControlId (string) --
The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Service name and a number (for example, APIGateway.3). This parameter differs from SecurityControlArn
, which is a unique Amazon Resource Name (ARN) assigned to a control. The ARN references the security control ID (for example, arn:aws:securityhub:eu-central-1:123456789012:security-control/APIGateway.3).
Title (string) --
The title of a security control.
Description (string) --
The description of a security control across standards. This typically summarizes how Security Hub evaluates the control and the conditions under which it produces a failed finding. This parameter doesn't reference a specific standard.
RemediationUrl (string) --
A link to Security Hub documentation that explains how to remediate a failed finding for a security control.
SeverityRating (string) --
The severity of a security control. For more information about how Security Hub determines control severity, see Assigning severity to control findings in the Security Hub User Guide .
CurrentRegionAvailability (string) --
Specifies whether a security control is available in the current Amazon Web Services Region.
NextToken (string) --
A pagination parameter that's included in the response only if it was included in the request.
Exceptions
SecurityHub.Client.exceptions.InternalException
SecurityHub.Client.exceptions.InvalidInputException
SecurityHub.Client.exceptions.InvalidAccessException
SecurityHub.Client.exceptions.LimitExceededException