SecurityHub / Client / list_security_control_definitions



Lists all of the security controls that apply to a specified standard.

See also: AWS API Documentation

Request Syntax

response = client.list_security_control_definitions(
  • StandardsArn (string) – The Amazon Resource Name (ARN) of the standard that you want to view controls for.

  • NextToken (string) – Optional pagination parameter.

  • MaxResults (integer) – An optional parameter that limits the total results of the API response to the specified number. If this parameter isn’t provided in the request, the results include the first 25 security controls that apply to the specified standard. The results also include a NextToken parameter that you can use in a subsequent API call to get the next 25 controls. This repeats until all controls for the standard are returned.

Return type:



Response Syntax

    'SecurityControlDefinitions': [
            'SecurityControlId': 'string',
            'Title': 'string',
            'Description': 'string',
            'RemediationUrl': 'string',
            'SeverityRating': 'LOW'|'MEDIUM'|'HIGH'|'CRITICAL',
            'CurrentRegionAvailability': 'AVAILABLE'|'UNAVAILABLE'
    'NextToken': 'string'

Response Structure

  • (dict) –

    • SecurityControlDefinitions (list) –

      An array of controls that apply to the specified standard.

      • (dict) –

        Provides metadata for a security control, including its unique standard-agnostic identifier, title, description, severity, availability in Amazon Web Services Regions, and a link to remediation steps.

        • SecurityControlId (string) –

          The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Service name and a number (for example, APIGateway.3). This parameter differs from SecurityControlArn, which is a unique Amazon Resource Name (ARN) assigned to a control. The ARN references the security control ID (for example, arn:aws:securityhub:eu-central-1:123456789012:security-control/APIGateway.3).

        • Title (string) –

          The title of a security control.

        • Description (string) –

          The description of a security control across standards. This typically summarizes how Security Hub evaluates the control and the conditions under which it produces a failed finding. This parameter doesn’t reference a specific standard.

        • RemediationUrl (string) –

          A link to Security Hub documentation that explains how to remediate a failed finding for a security control.

        • SeverityRating (string) –

          The severity of a security control. For more information about how Security Hub determines control severity, see Assigning severity to control findings in the Security Hub User Guide.

        • CurrentRegionAvailability (string) –

          Specifies whether a security control is available in the current Amazon Web Services Region.

    • NextToken (string) –

      A pagination parameter that’s included in the response only if it was included in the request.


  • SecurityHub.Client.exceptions.InternalException

  • SecurityHub.Client.exceptions.InvalidInputException

  • SecurityHub.Client.exceptions.InvalidAccessException

  • SecurityHub.Client.exceptions.LimitExceededException