(rules): Create an AWS Foundational Security Best Practices (FSBP) rule set

[benbridts]

Description

Security Hub has the AWS Foundational Security Best Practices standard: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp.html

It would be nice if there was a rule set for this standard too

Use Case

Customers Using Security Hub can prevent misconfigured resources from being deployed

Proposed Solution

• Most of the Controls are based on Config, so the files probably already exist
• A map file can be created
• There were recently new rules announced, they probably have to be written

Other information

List of the controls: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-controls.html New control: https://aws.amazon.com/about-aws/whats-new/2022/09/aws-security-hub-new-security-best-practice-control/

Acknowledge

• [ ] I may be able to implement this feature request
• [ ] This feature might incur a breaking change

[grolston]

Initially the conformance pack sample templates were used to create the first set of mapping files. This additional mapping could be pulled out from the documentation and mapped, though not all controls could be implemented.

[drmmarsunited]

I am actually working on plugging the gaps for this standard and contributing the mapping. Aiming to be done by end of November or before.