SecurityHub / Client / batch_get_standards_control_associations

batch_get_standards_control_associations#

SecurityHub.Client.batch_get_standards_control_associations(**kwargs)#

For a batch of security controls and standards, identifies whether each control is currently enabled or disabled in a standard.

See also: AWS API Documentation

Request Syntax

response = client.batch_get_standards_control_associations(
    StandardsControlAssociationIds=[
        {
            'SecurityControlId': 'string',
            'StandardsArn': 'string'
        },
    ]
)
Parameters:

StandardsControlAssociationIds (list) –

[REQUIRED]

An array with one or more objects that includes a security control (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) and the Amazon Resource Name (ARN) of a standard. This field is used to query the enablement status of a control in a specified standard. The security control ID or ARN is the same across standards.

  • (dict) –

    An array with one or more objects that includes a security control (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) and the Amazon Resource Name (ARN) of a standard. The security control ID or ARN is the same across standards.

    • SecurityControlId (string) – [REQUIRED]

      The unique identifier (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) of a security control across standards.

    • StandardsArn (string) – [REQUIRED]

      The ARN of a standard.

Return type:

dict

Returns:

Response Syntax

{
    'StandardsControlAssociationDetails': [
        {
            'StandardsArn': 'string',
            'SecurityControlId': 'string',
            'SecurityControlArn': 'string',
            'AssociationStatus': 'ENABLED'|'DISABLED',
            'RelatedRequirements': [
                'string',
            ],
            'UpdatedAt': datetime(2015, 1, 1),
            'UpdatedReason': 'string',
            'StandardsControlTitle': 'string',
            'StandardsControlDescription': 'string',
            'StandardsControlArns': [
                'string',
            ]
        },
    ],
    'UnprocessedAssociations': [
        {
            'StandardsControlAssociationId': {
                'SecurityControlId': 'string',
                'StandardsArn': 'string'
            },
            'ErrorCode': 'INVALID_INPUT'|'ACCESS_DENIED'|'NOT_FOUND'|'LIMIT_EXCEEDED',
            'ErrorReason': 'string'
        },
    ]
}

Response Structure

  • (dict) –

    • StandardsControlAssociationDetails (list) –

      Provides the enablement status of a security control in a specified standard and other details for the control in relation to the specified standard.

      • (dict) –

        Provides details about a control’s enablement status in a specified standard.

        • StandardsArn (string) –

          The Amazon Resource Name (ARN) of a security standard.

        • SecurityControlId (string) –

          The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Services service name and a number, such as APIGateway.3.

        • SecurityControlArn (string) –

          The ARN of a security control across standards, such as arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1. This parameter doesn’t mention a specific standard.

        • AssociationStatus (string) –

          Specifies whether a control is enabled or disabled in a specified standard.

        • RelatedRequirements (list) –

          The requirement that underlies a control in the compliance framework related to the standard.

          • (string) –

        • UpdatedAt (datetime) –

          The time at which the enablement status of the control in the specified standard was last updated.

        • UpdatedReason (string) –

          The reason for updating the enablement status of a control in a specified standard.

        • StandardsControlTitle (string) –

          The title of a control. This field may reference a specific standard.

        • StandardsControlDescription (string) –

          The description of a control. This typically summarizes how Security Hub evaluates the control and the conditions under which it produces a failed finding. This parameter may reference a specific standard.

        • StandardsControlArns (list) –

          Provides the input parameter that Security Hub uses to call the UpdateStandardsControl API. This API can be used to enable or disable a control in a specified standard.

          • (string) –

    • UnprocessedAssociations (list) –

      A security control (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) whose enablement status in a specified standard cannot be returned.

      • (dict) –

        Provides details about which control’s enablement status couldn’t be retrieved in a specified standard when calling BatchUpdateStandardsControlAssociations. This parameter also provides details about why the request was unprocessed.

        • StandardsControlAssociationId (dict) –

          An array with one or more objects that includes a security control (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) and the Amazon Resource Name (ARN) of a standard. This parameter shows the specific controls for which the enablement status couldn’t be retrieved in specified standards when calling BatchUpdateStandardsControlAssociations.

          • SecurityControlId (string) –

            The unique identifier (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) of a security control across standards.

          • StandardsArn (string) –

            The ARN of a standard.

        • ErrorCode (string) –

          The error code for the unprocessed standard and control association.

        • ErrorReason (string) –

          The reason why the standard and control association was unprocessed.

Exceptions

  • SecurityHub.Client.exceptions.InternalException

  • SecurityHub.Client.exceptions.LimitExceededException

  • SecurityHub.Client.exceptions.InvalidAccessException

  • SecurityHub.Client.exceptions.InvalidInputException