Last reviewed:
AWS Foundational Security Best Practices. A Security Hub standard that runs ~200 automated checks against an AWS account.
FSBP (AWS Foundational Security Best Practices) is one of several standards Amazon publishes through AWS Security Hub. Each control is a deterministic check (e.g., iam.4 "IAM root user should not have access keys", s3.5 "S3 buckets should require requests to use SSL", kms.1 "Customer-managed KMS keys should have key rotation enabled") that runs on a schedule and produces a Security Hub finding when the check fails.
FSBP is the closest thing to a baseline cloud-security configuration audit AWS provides natively. Many of its controls map cleanly to MITRE ATT&CK techniques: iam.* checks tie back to T1078 Valid Accounts, kms.* checks tie back to T1486 Data Encrypted for Impact, cloudtrail.* checks tie back to T1562.008 Disable Cloud Logs.
DCV reads enabled FSBP controls from Security Hub and uses the catalog as a coverage signal. When an account has the FSBP standard enabled, DCV can attribute Significant coverage to several ATT&CK techniques without any additional instrumentation.