@aws-sdk/client-securityhub 3.454.0 → 3.459.0

package/dist-types/models/models_2.d.ts

@@ -1,7 +1,92 @@
 import { ExceptionOptionType as __ExceptionOptionType } from "@smithy/smithy-client";
-import { AccountDetails, Action, ActionTarget, Adjustment, AdminAccount, AssociationStatus, AutoEnableStandards, AutomationRulesAction, AutomationRulesConfig, AutomationRulesFindingFilters, AutomationRulesMetadata, AwsAmazonMqBrokerDetails, AwsApiGatewayRestApiDetails, AwsApiGatewayStageDetails, AwsApiGatewayV2ApiDetails, AwsApiGatewayV2StageDetails, AwsAppSyncGraphQlApiDetails, AwsAthenaWorkGroupDetails, AwsAutoScalingAutoScalingGroupDetails, AwsAutoScalingLaunchConfigurationDetails, AwsBackupBackupPlanDetails, AwsBackupBackupVaultDetails, AwsBackupRecoveryPointDetails, AwsCertificateManagerCertificateDetails, AwsCloudFormationStackDetails, AwsCloudFrontDistributionDetails, AwsCloudTrailTrailDetails, AwsCloudWatchAlarmDetails, AwsCodeBuildProjectDetails, AwsDmsEndpointDetails, AwsDmsReplicationInstanceDetails, AwsDmsReplicationTaskDetails, AwsDynamoDbTableDetails, AwsEc2EipDetails, AwsEc2InstanceDetails, AwsEc2LaunchTemplateDetails, AwsEc2NetworkAclDetails, AwsEc2NetworkInterfaceDetails, AwsEc2RouteTableDetails, AwsEc2SecurityGroupDetails, AwsEc2SubnetDetails, AwsEc2TransitGatewayDetails, AwsEc2VolumeDetails, AwsEc2VpcDetails, AwsEc2VpcEndpointServiceDetails, AwsEc2VpcPeeringConnectionDetails, AwsEc2VpnConnectionDetails, AwsEcrContainerImageDetails, AwsEcrRepositoryDetails, AwsEcsClusterDetails, AwsEcsContainerDetails, AwsEcsServiceDetails, AwsEcsTaskDefinitionDetails, DateFilter, MapFilter, NoteUpdate, NumberFilter, RelatedFinding, RuleStatus, SeverityLabel, SeverityUpdate, StringFilter, VerificationState, WorkflowStatus, WorkflowUpdate } from "./models_0";
-import { AwsEcsTaskDetails, AwsEfsAccessPointDetails, AwsEksClusterDetails, AwsElasticBeanstalkEnvironmentDetails, AwsElasticsearchDomainDetails, AwsElbLoadBalancerDetails, AwsElbv2LoadBalancerDetails, AwsEventSchemasRegistryDetails, AwsEventsEndpointDetails, AwsEventsEventbusDetails, AwsGuardDutyDetectorDetails, AwsIamAccessKeyDetails, AwsIamGroupDetails, AwsIamPolicyDetails, AwsIamRoleDetails, AwsIamUserDetails, AwsKinesisStreamDetails, AwsKmsKeyDetails, AwsLambdaFunctionDetails, AwsLambdaLayerVersionDetails, AwsMskClusterDetails, AwsNetworkFirewallFirewallDetails, AwsNetworkFirewallFirewallPolicyDetails, AwsNetworkFirewallRuleGroupDetails, AwsOpenSearchServiceDomainDetails, AwsRdsDbClusterDetails, AwsRdsDbClusterSnapshotDetails, AwsRdsDbInstanceDetails, AwsRdsDbSecurityGroupDetails, AwsRdsDbSnapshotDetails, AwsRdsEventSubscriptionDetails, AwsRedshiftClusterDetails, AwsRoute53HostedZoneDetails, AwsS3AccountPublicAccessBlockDetails, AwsS3BucketDetails, AwsS3ObjectDetails, AwsSageMakerNotebookInstanceDetails, AwsSecretsManagerSecretDetails, AwsSnsTopicDetails, AwsSqsQueueDetails, AwsSsmPatchComplianceDetails, AwsStepFunctionStateMachineDetails, AwsWafRateBasedRuleDetails, AwsWafRegionalRateBasedRuleDetails, AwsWafRegionalRuleDetails, AwsWafRegionalRuleGroupDetails, AwsWafRegionalWebAclDetails, AwsWafRuleDetails, AwsWafRuleGroupDetails, AwsWafv2ActionAllowDetails, AwsWafv2ActionBlockDetails, AwsWafv2RulesActionDetails, Compliance, DataClassificationDetails, FindingProviderFields, GeneratorDetails, Malware, Network, NetworkPathComponent, Note, PatchSummary, ProcessDetails, RecordState, Remediation } from "./models_1";
+import { AccountDetails, Action, ActionTarget, Adjustment, AdminAccount, AssociationFilters, AssociationStatus, AssociationType, AutoEnableStandards, AutomationRulesAction, AutomationRulesConfig, AutomationRulesFindingFilters, AutomationRulesMetadata, AwsAmazonMqBrokerDetails, AwsApiGatewayRestApiDetails, AwsApiGatewayStageDetails, AwsApiGatewayV2ApiDetails, AwsApiGatewayV2StageDetails, AwsAppSyncGraphQlApiDetails, AwsAthenaWorkGroupDetails, AwsAutoScalingAutoScalingGroupDetails, AwsAutoScalingLaunchConfigurationDetails, AwsBackupBackupPlanDetails, AwsBackupBackupVaultDetails, AwsBackupRecoveryPointDetails, AwsCertificateManagerCertificateDetails, AwsCloudFormationStackDetails, AwsCloudFrontDistributionDetails, AwsCloudTrailTrailDetails, AwsCloudWatchAlarmDetails, AwsCodeBuildProjectDetails, AwsDmsEndpointDetails, AwsDmsReplicationInstanceDetails, AwsDmsReplicationTaskDetails, AwsDynamoDbTableDetails, AwsEc2EipDetails, AwsEc2InstanceDetails, AwsEc2LaunchTemplateDetails, AwsEc2NetworkAclDetails, AwsEc2NetworkInterfaceDetails, AwsEc2RouteTableDetails, AwsEc2SecurityGroupDetails, AwsEc2SubnetDetails, AwsEc2TransitGatewayDetails, AwsEc2VolumeDetails, AwsEc2VpcDetails, AwsEc2VpcEndpointServiceDetails, AwsEc2VpcPeeringConnectionDetails, AwsEc2VpnConnectionDetails, AwsEcrContainerImageDetails, AwsEcrRepositoryDetails, AwsEcsClusterDetails, AwsEcsContainerDetails, AwsEcsServiceDetails, ConfigurationPolicyAssociationStatus, DateFilter, MapFilter, NoteUpdate, NumberFilter, RelatedFinding, RuleStatus, SeverityLabel, SeverityUpdate, StringFilter, VerificationState, WorkflowStatus, WorkflowUpdate } from "./models_0";
+import { AwsEcsTaskDefinitionDetails, AwsEcsTaskDetails, AwsEfsAccessPointDetails, AwsEksClusterDetails, AwsElasticBeanstalkEnvironmentDetails, AwsElasticsearchDomainDetails, AwsElbLoadBalancerDetails, AwsElbv2LoadBalancerDetails, AwsEventSchemasRegistryDetails, AwsEventsEndpointDetails, AwsEventsEventbusDetails, AwsGuardDutyDetectorDetails, AwsIamAccessKeyDetails, AwsIamGroupDetails, AwsIamPolicyDetails, AwsIamRoleDetails, AwsIamUserDetails, AwsKinesisStreamDetails, AwsKmsKeyDetails, AwsLambdaFunctionDetails, AwsLambdaLayerVersionDetails, AwsMskClusterDetails, AwsNetworkFirewallFirewallDetails, AwsNetworkFirewallFirewallPolicyDetails, AwsNetworkFirewallRuleGroupDetails, AwsOpenSearchServiceDomainDetails, AwsRdsDbClusterDetails, AwsRdsDbClusterSnapshotDetails, AwsRdsDbInstanceDetails, AwsRdsDbSecurityGroupDetails, AwsRdsDbSnapshotDetails, AwsRdsEventSubscriptionDetails, AwsRedshiftClusterDetails, AwsRoute53HostedZoneDetails, AwsS3AccountPublicAccessBlockDetails, AwsS3BucketDetails, AwsS3ObjectDetails, AwsSageMakerNotebookInstanceDetails, AwsSecretsManagerSecretDetails, AwsSnsTopicDetails, AwsSqsQueueDetails, AwsSsmPatchComplianceDetails, AwsStepFunctionStateMachineDetails, AwsWafRateBasedRuleDetails, AwsWafRegionalRateBasedRuleDetails, AwsWafRegionalRuleDetails, AwsWafRegionalRuleGroupDetails, AwsWafRegionalWebAclDetails, AwsWafRuleDetails, AwsWafRuleGroupDetails, AwsWafv2ActionAllowDetails, AwsWafv2CustomRequestHandlingDetails, AwsWafv2CustomResponseDetails, Compliance, DataClassificationDetails, FindingProviderFields, GeneratorDetails, Malware, Network, NetworkPathComponent, Note, PatchSummary, ProcessDetails, RecordState, Remediation } from "./models_1";
 import { SecurityHubServiceException as __BaseException } from "./SecurityHubServiceException";
+/**
+ * @public
+ * <p>
+ *          Specifies that WAF should block the request and optionally defines additional custom handling for the response to the web request.
+ *       </p>
+ */
+export interface AwsWafv2ActionBlockDetails {
+    /**
+     * @public
+     * <p>
+     *          Defines a custom response for the web request. For information, see
+     *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a> in the <i>WAF Developer Guide.</i>.
+     *       </p>
+     */
+    CustomResponse?: AwsWafv2CustomResponseDetails;
+}
+/**
+ * @public
+ * <p>
+ *          Specifies that WAF should run a CAPTCHA check against the request.
+ *       </p>
+ */
+export interface AwsWafv2RulesActionCaptchaDetails {
+    /**
+     * @public
+     * <p>
+     *          Defines custom handling for the web request, used when the CAPTCHA inspection determines that the request's token is valid and unexpired. For more information,
+     *          see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a> in the <i>WAF Developer Guide.</i>.
+     *       </p>
+     */
+    CustomRequestHandling?: AwsWafv2CustomRequestHandlingDetails;
+}
+/**
+ * @public
+ * <p>
+ *          Specifies that WAF should count the request.
+ *       </p>
+ */
+export interface AwsWafv2RulesActionCountDetails {
+    /**
+     * @public
+     * <p>
+     *          Defines custom handling for the web request. For more information,
+     *          see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a> in the <i>WAF Developer Guide.</i>.
+     *       </p>
+     */
+    CustomRequestHandling?: AwsWafv2CustomRequestHandlingDetails;
+}
+/**
+ * @public
+ * <p>
+ *          The action that WAF should take on a web request when it matches a rule's statement.
+ *          Settings at the web ACL level can override the rule action setting.
+ *       </p>
+ */
+export interface AwsWafv2RulesActionDetails {
+    /**
+     * @public
+     * <p>
+     *          Instructs WAF to allow the web request.
+     *       </p>
+     */
+    Allow?: AwsWafv2ActionAllowDetails;
+    /**
+     * @public
+     * <p>
+     *          Instructs WAF to block the web request.
+     *       </p>
+     */
+    Block?: AwsWafv2ActionBlockDetails;
+    /**
+     * @public
+     * <p>
+     *          Instructs WAF to run a CAPTCHA check against the web request.
+     *       </p>
+     */
+    Captcha?: AwsWafv2RulesActionCaptchaDetails;
+    /**
+     * @public
+     * <p>
+     *          Instructs WAF to count the web request and then continue evaluating the request using the remaining rules in the web ACL.
+     *       </p>
+     */
+    Count?: AwsWafv2RulesActionCountDetails;
+}
 /**
  * @public
  * <p>
@@ -1135,6 +1220,20 @@ export interface Resource {
      * <p>Additional details about the resource related to a finding.</p>
      */
     Details?: ResourceDetails;
+    /**
+     * @public
+     * <p>
+     *             The name of the application that is related to a finding.
+     *         </p>
+     */
+    ApplicationName?: string;
+    /**
+     * @public
+     * <p>
+     *             The Amazon Resource Name (ARN) of the application that is related to a finding.
+     *         </p>
+     */
+    ApplicationArn?: string;
 }
 /**
  * @public
@@ -1150,7 +1249,7 @@ export interface Resource {
 export interface Severity {
     /**
      * @public
-     * <p>Deprecated. This attribute is being deprecated. Instead of providing
+     * <p>Deprecated. This attribute isn't included in findings. Instead of providing
      *             <code>Product</code>, provide <code>Original</code>.</p>
      *          <p>The native severity as defined by the Amazon Web Services service or integrated partner product that
      *          generated the finding.</p>
@@ -1210,7 +1309,7 @@ export interface Severity {
     Label?: SeverityLabel;
     /**
      * @public
-     * <p>Deprecated. The normalized severity of a finding. This attribute is being deprecated.
+     * <p>Deprecated. The normalized severity of a finding.
      *          Instead of providing <code>Normalized</code>, provide <code>Label</code>.</p>
      *          <p>If you provide <code>Label</code> and do not provide <code>Normalized</code>, then
      *             <code>Normalized</code> is set automatically as follows.</p>
@@ -2024,6 +2123,18 @@ export interface AwsSecurityFinding {
      *         </p>
      */
     GeneratorDetails?: GeneratorDetails;
+    /**
+     * @public
+     * <p>An ISO8601-formatted timestamp that indicates when Security Hub received a finding and begins to process it.</p>
+     *          <p>A correctly formatted example is <code>2020-05-21T20:16:34.724Z</code>. The value cannot contain spaces, and date and time should be separated by <code>T</code>. For more information, see <a href="https://www.rfc-editor.org/rfc/rfc3339#section-5.6">RFC 3339 section 5.6, Internet Date/Time Format</a>.</p>
+     */
+    ProcessedAt?: string;
+    /**
+     * @public
+     * <p>The name of the Amazon Web Services account from which a finding was generated.
+     *         </p>
+     */
+    AwsAccountName?: string;
 }
 /**
  * @public
@@ -2060,9 +2171,8 @@ export interface BooleanFilter {
 }
 /**
  * @public
- * <p>A collection of attributes that are applied to all active Security Hub-aggregated findings and
- *          that result in a subset of findings that are included in this insight.</p>
- *          <p>You can filter by up to 10 finding attributes. For each attribute, you can provide up to
+ * <p>A collection of filters that are applied to all active findings aggregated by Security Hub.</p>
+ *          <p>You can filter by up to ten finding attributes. For each attribute, you can provide up to
  *          20 filter values.</p>
  */
 export interface AwsSecurityFindingFilters {
@@ -2075,7 +2185,7 @@ export interface AwsSecurityFindingFilters {
     ProductArn?: StringFilter[];
     /**
      * @public
-     * <p>The Amazon Web Services account ID that a finding is generated in.</p>
+     * <p>The Amazon Web Services account ID in which a finding is generated.</p>
      */
     AwsAccountId?: StringFilter[];
     /**
@@ -2676,6 +2786,56 @@ export interface AwsSecurityFindingFilters {
      *       </p>
      */
     ComplianceAssociatedStandardsId?: StringFilter[];
+    /**
+     * @public
+     * <p>
+     *             Indicates whether a software vulnerability in your environment has a known exploit. You can filter findings by this
+     *             field only if you use Security Hub and Amazon Inspector.
+     *         </p>
+     */
+    VulnerabilitiesExploitAvailable?: StringFilter[];
+    /**
+     * @public
+     * <p>
+     *             Indicates whether a vulnerability is fixed in a newer version of the affected software packages. You can filter
+     *             findings by this field only if you use Security Hub and Amazon Inspector.
+     *
+     *         </p>
+     */
+    VulnerabilitiesFixAvailable?: StringFilter[];
+    /**
+     * @public
+     * <p>
+     *             The name of a security control parameter.
+     *         </p>
+     */
+    ComplianceSecurityControlParametersName?: StringFilter[];
+    /**
+     * @public
+     * <p>
+     *             The current value of a security control parameter.
+     *         </p>
+     */
+    ComplianceSecurityControlParametersValue?: StringFilter[];
+    /**
+     * @public
+     * <p>The name of the Amazon Web Services account in which a finding is generated.</p>
+     */
+    AwsAccountName?: StringFilter[];
+    /**
+     * @public
+     * <p>
+     *             The name of the application that is related to a finding.
+     *         </p>
+     */
+    ResourceApplicationName?: StringFilter[];
+    /**
+     * @public
+     * <p>
+     *             The ARN of the application that is related to a finding.
+     *         </p>
+     */
+    ResourceApplicationArn?: StringFilter[];
 }
 /**
  * @public
@@ -2938,401 +3098,866 @@ export interface BatchGetAutomationRulesResponse {
      */
     UnprocessedAutomationRules?: UnprocessedAutomationRule[];
 }
+/**
+ * @public
+ * <p>
+ *             The target account, organizational unit, or the root that is associated with an Security Hub configuration. The configuration
+ *             can be a configuration policy or self-managed behavior.
+ *         </p>
+ */
+export type Target = Target.AccountIdMember | Target.OrganizationalUnitIdMember | Target.RootIdMember | Target.$UnknownMember;
 /**
  * @public
  */
-export interface BatchGetSecurityControlsRequest {
+export declare namespace Target {
     /**
      * @public
-     * <p> A list of security controls (identified with <code>SecurityControlId</code>,
-     *             <code>SecurityControlArn</code>, or a mix of both parameters). The security control ID
-     *          or Amazon Resource Name (ARN) is the same across standards. </p>
+     * <p>
+     *             The Amazon Web Services account ID of the target account.
+     *         </p>
      */
-    SecurityControlIds: string[] | undefined;
+    interface AccountIdMember {
+        AccountId: string;
+        OrganizationalUnitId?: never;
+        RootId?: never;
+        $unknown?: never;
+    }
+    /**
+     * @public
+     * <p>
+     *             The organizational unit ID of the target organizational unit.
+     *         </p>
+     */
+    interface OrganizationalUnitIdMember {
+        AccountId?: never;
+        OrganizationalUnitId: string;
+        RootId?: never;
+        $unknown?: never;
+    }
+    /**
+     * @public
+     * <p>
+     *             The ID of the organization root.
+     *         </p>
+     */
+    interface RootIdMember {
+        AccountId?: never;
+        OrganizationalUnitId?: never;
+        RootId: string;
+        $unknown?: never;
+    }
+    /**
+     * @public
+     */
+    interface $UnknownMember {
+        AccountId?: never;
+        OrganizationalUnitId?: never;
+        RootId?: never;
+        $unknown: [string, any];
+    }
+    interface Visitor<T> {
+        AccountId: (value: string) => T;
+        OrganizationalUnitId: (value: string) => T;
+        RootId: (value: string) => T;
+        _: (name: string, value: any) => T;
+    }
+    const visit: <T>(value: Target, visitor: Visitor<T>) => T;
 }
 /**
  * @public
- * @enum
+ * <p>
+ *             Provides details about the association between an Security Hub configuration and a target account, organizational unit, or
+ *             the root. An association can exist between a target and a configuration policy, or between a target and self-managed
+ *             behavior.
+ *         </p>
  */
-export declare const ControlStatus: {
-    readonly DISABLED: "DISABLED";
-    readonly ENABLED: "ENABLED";
-};
+export interface ConfigurationPolicyAssociation {
+    /**
+     * @public
+     * <p>
+     *             The target account, organizational unit, or the root.
+     *         </p>
+     */
+    Target?: Target;
+}
 /**
  * @public
  */
-export type ControlStatus = (typeof ControlStatus)[keyof typeof ControlStatus];
+export interface BatchGetConfigurationPolicyAssociationsRequest {
+    /**
+     * @public
+     * <p>
+     *             Specifies one or more target account IDs, organizational unit (OU) IDs, or the root ID to retrieve associations for.
+     *         </p>
+     */
+    ConfigurationPolicyAssociationIdentifiers: ConfigurationPolicyAssociation[] | undefined;
+}
 /**
  * @public
  * @enum
  */
-export declare const SeverityRating: {
-    readonly CRITICAL: "CRITICAL";
-    readonly HIGH: "HIGH";
-    readonly LOW: "LOW";
-    readonly MEDIUM: "MEDIUM";
+export declare const TargetType: {
+    readonly ACCOUNT: "ACCOUNT";
+    readonly ORGANIZATIONAL_UNIT: "ORGANIZATIONAL_UNIT";
 };
 /**
  * @public
  */
-export type SeverityRating = (typeof SeverityRating)[keyof typeof SeverityRating];
+export type TargetType = (typeof TargetType)[keyof typeof TargetType];
 /**
  * @public
  * <p>
- *          A security control in Security Hub describes a security best practice related to a specific resource.
- *       </p>
+ *             An object that contains the details of a configuration policy association that’s returned in a
+ *             <code>ListConfigurationPolicyAssociations</code> request.
+ *         </p>
  */
-export interface SecurityControl {
+export interface ConfigurationPolicyAssociationSummary {
     /**
      * @public
      * <p>
-     *          The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Service name and a
-     *          number, such as APIGateway.3.
-     *       </p>
+     *             The universally unique identifier (UUID) of the configuration policy.
+     *         </p>
      */
-    SecurityControlId: string | undefined;
+    ConfigurationPolicyId?: string;
     /**
      * @public
-     * <p> The Amazon Resource Name (ARN) for a security control across standards, such as
-     *             <code>arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1</code>. This
-     *          parameter doesn't mention a specific standard. </p>
+     * <p>
+     *             The identifier of the target account, organizational unit, or the root.
+     *         </p>
      */
-    SecurityControlArn: string | undefined;
+    TargetId?: string;
     /**
      * @public
-     * <p>The title of a security control.
-     *       </p>
+     * <p>
+     *             Specifies whether the target is an Amazon Web Services account, organizational unit, or the root.
+     *         </p>
      */
-    Title: string | undefined;
+    TargetType?: TargetType;
     /**
      * @public
-     * <p> The description of a security control across standards. This typically summarizes how
-     *             Security Hub evaluates the control and the conditions under which it produces a
-     *          failed finding. This parameter doesn't reference a specific standard. </p>
+     * <p>
+     *             Indicates whether the association between the specified target and the configuration was directly applied by the
+     *             Security Hub delegated administrator or inherited from a parent.
+     *         </p>
      */
-    Description: string | undefined;
+    AssociationType?: AssociationType;
     /**
      * @public
      * <p>
-     *          A link to Security Hub documentation that explains how to remediate a failed finding for a security control.
-     *       </p>
+     *             The date and time, in UTC and ISO 8601 format, that the configuration policy association was last updated.
+     *         </p>
      */
-    RemediationUrl: string | undefined;
+    UpdatedAt?: Date;
     /**
      * @public
      * <p>
-     *          The severity of a security control. For more information about how Security Hub determines control severity, see
-     *          <a href="https://docs.aws.amazon.com/securityhub/latest/userguide/controls-findings-create-update.html#control-findings-severity">Assigning severity to control findings</a> in the
-     *          <i>Security Hub User Guide</i>.
-     *       </p>
+     *             The current status of the association between the specified target and the configuration.
+     *         </p>
      */
-    SeverityRating: SeverityRating | undefined;
+    AssociationStatus?: ConfigurationPolicyAssociationStatus;
     /**
      * @public
      * <p>
-     *          The enablement status of a security control in a specific standard.
-     *       </p>
+     *             The explanation for a <code>FAILED</code> value for <code>AssociationStatus</code>.
+     *         </p>
      */
-    SecurityControlStatus: ControlStatus | undefined;
+    AssociationStatusMessage?: string;
 }
 /**
  * @public
- * @enum
- */
-export declare const UnprocessedErrorCode: {
-    readonly ACCESS_DENIED: "ACCESS_DENIED";
-    readonly INVALID_INPUT: "INVALID_INPUT";
-    readonly LIMIT_EXCEEDED: "LIMIT_EXCEEDED";
-    readonly NOT_FOUND: "NOT_FOUND";
-};
-/**
- * @public
- */
-export type UnprocessedErrorCode = (typeof UnprocessedErrorCode)[keyof typeof UnprocessedErrorCode];
-/**
- * @public
- * <p> Provides details about a security control for which a response couldn't be returned. </p>
+ * <p>
+ *             An array of configuration policy associations, one for each configuration policy association identifier, that
+ *             was specified in a <code>BatchGetConfigurationPolicyAssociations</code> request but couldn’t be processed due
+ *             to an error.
+ *         </p>
  */
-export interface UnprocessedSecurityControl {
+export interface UnprocessedConfigurationPolicyAssociation {
     /**
      * @public
-     * <p> The control (identified with <code>SecurityControlId</code>,
-     *             <code>SecurityControlArn</code>, or a mix of both parameters) for which a response
-     *          couldn't be returned. </p>
+     * <p>
+     *             Configuration policy association identifiers that were specified in a <code>BatchGetConfigurationPolicyAssociations</code>
+     *             request but couldn’t be processed due to an error.
+     *         </p>
      */
-    SecurityControlId: string | undefined;
+    ConfigurationPolicyAssociationIdentifiers?: ConfigurationPolicyAssociation;
     /**
      * @public
      * <p>
-     *          The error code for the unprocessed security control.
-     *       </p>
+     *             An HTTP status code that identifies why the configuration policy association failed.
+     *         </p>
      */
-    ErrorCode: UnprocessedErrorCode | undefined;
+    ErrorCode?: string;
     /**
      * @public
      * <p>
-     *          The reason why the security control was unprocessed.
-     *       </p>
+     *             A string that identifies why the configuration policy association failed.
+     *         </p>
      */
     ErrorReason?: string;
 }
 /**
  * @public
  */
-export interface BatchGetSecurityControlsResponse {
+export interface BatchGetConfigurationPolicyAssociationsResponse {
     /**
      * @public
      * <p>
-     *          An array that returns the identifier, Amazon Resource Name (ARN), and other details about a security control.
-     *          The same information is returned whether the request includes <code>SecurityControlId</code> or <code>SecurityControlArn</code>.
-     *       </p>
+     *             Describes associations for the target accounts, OUs, or the root.
+     *         </p>
      */
-    SecurityControls: SecurityControl[] | undefined;
+    ConfigurationPolicyAssociations?: ConfigurationPolicyAssociationSummary[];
     /**
      * @public
      * <p>
-     *          A security control (identified with <code>SecurityControlId</code>, <code>SecurityControlArn</code>, or a mix of both parameters) for which
-     *          details cannot be returned.
-     *       </p>
+     *             An array of configuration policy associations, one for each configuration policy association identifier, that was
+     *             specified in the request but couldn’t be processed due to an error.
+     *         </p>
      */
-    UnprocessedIds?: UnprocessedSecurityControl[];
+    UnprocessedConfigurationPolicyAssociations?: UnprocessedConfigurationPolicyAssociation[];
 }
 /**
  * @public
- * <p>
- *          An array with one or more objects that includes a security control (identified with <code>SecurityControlId</code>, <code>SecurityControlArn</code>, or a mix of both parameters)
- *          and the Amazon Resource Name (ARN) of a standard. The security control ID or ARN is the same across standards.
- *       </p>
  */
-export interface StandardsControlAssociationId {
+export interface BatchGetSecurityControlsRequest {
     /**
      * @public
-     * <p>
-     *          The unique identifier (identified with <code>SecurityControlId</code>, <code>SecurityControlArn</code>, or a mix of both parameters) of a security
-     *          control across standards.
-     *       </p>
-     */
-    SecurityControlId: string | undefined;
-    /**
-     * @public
-     * <p>
-     *          The ARN of a standard.
-     *       </p>
+     * <p> A list of security controls (identified with <code>SecurityControlId</code>,
+     *             <code>SecurityControlArn</code>, or a mix of both parameters). The security control ID
+     *          or Amazon Resource Name (ARN) is the same across standards. </p>
      */
-    StandardsArn: string | undefined;
+    SecurityControlIds: string[] | undefined;
 }
 /**
  * @public
+ * <p>
+ *             An object that includes the data type of a security control parameter and its current value.
+ *         </p>
  */
-export interface BatchGetStandardsControlAssociationsRequest {
-    /**
-     * @public
-     * <p>
-     *          An array with one or more objects that includes a security control (identified with <code>SecurityControlId</code>, <code>SecurityControlArn</code>, or a mix of both parameters) and the Amazon Resource Name (ARN) of a standard.
-     *          This field is used to query the enablement status of a control in a specified standard. The security control ID or ARN is the same across standards.
-     *       </p>
-     */
-    StandardsControlAssociationIds: StandardsControlAssociationId[] | undefined;
-}
+export type ParameterValue = ParameterValue.BooleanMember | ParameterValue.DoubleMember | ParameterValue.EnumMember | ParameterValue.EnumListMember | ParameterValue.IntegerMember | ParameterValue.IntegerListMember | ParameterValue.StringMember | ParameterValue.StringListMember | ParameterValue.$UnknownMember;
 /**
  * @public
- * <p> Provides details about a control's enablement status in a specified standard. </p>
  */
-export interface StandardsControlAssociationDetail {
+export declare namespace ParameterValue {
     /**
      * @public
      * <p>
-     *          The Amazon Resource Name (ARN) of a security standard.
-     *       </p>
+     *             A control parameter that is an integer.
+     *         </p>
      */
-    StandardsArn: string | undefined;
+    interface IntegerMember {
+        Integer: number;
+        IntegerList?: never;
+        Double?: never;
+        String?: never;
+        StringList?: never;
+        Boolean?: never;
+        Enum?: never;
+        EnumList?: never;
+        $unknown?: never;
+    }
     /**
      * @public
      * <p>
-     *          The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Service
-     *          name and a number, such as APIGateway.3.
-     *       </p>
+     *             A control parameter that is a list of integers.
+     *         </p>
      */
-    SecurityControlId: string | undefined;
+    interface IntegerListMember {
+        Integer?: never;
+        IntegerList: number[];
+        Double?: never;
+        String?: never;
+        StringList?: never;
+        Boolean?: never;
+        Enum?: never;
+        EnumList?: never;
+        $unknown?: never;
+    }
     /**
      * @public
-     * <p> The ARN of a security control across standards, such as
-     *             <code>arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1</code>. This
-     *          parameter doesn't mention a specific standard. </p>
+     * <p>
+     *             A control parameter that is a double.
+     *         </p>
      */
-    SecurityControlArn: string | undefined;
+    interface DoubleMember {
+        Integer?: never;
+        IntegerList?: never;
+        Double: number;
+        String?: never;
+        StringList?: never;
+        Boolean?: never;
+        Enum?: never;
+        EnumList?: never;
+        $unknown?: never;
+    }
     /**
      * @public
      * <p>
-     *          Specifies whether a control is enabled or disabled in a specified standard.
-     *       </p>
+     *             A control parameter that is a string.
+     *         </p>
      */
-    AssociationStatus: AssociationStatus | undefined;
+    interface StringMember {
+        Integer?: never;
+        IntegerList?: never;
+        Double?: never;
+        String: string;
+        StringList?: never;
+        Boolean?: never;
+        Enum?: never;
+        EnumList?: never;
+        $unknown?: never;
+    }
     /**
      * @public
      * <p>
-     *          The requirement that underlies a control in the compliance framework related to the standard.
-     *       </p>
+     *             A control parameter that is a list of strings.
+     *         </p>
      */
-    RelatedRequirements?: string[];
+    interface StringListMember {
+        Integer?: never;
+        IntegerList?: never;
+        Double?: never;
+        String?: never;
+        StringList: string[];
+        Boolean?: never;
+        Enum?: never;
+        EnumList?: never;
+        $unknown?: never;
+    }
     /**
      * @public
      * <p>
-     *          The time at which the enablement status of the control in the specified standard was last updated.
-     *       </p>
+     *             A control parameter that is a boolean.
+     *         </p>
      */
-    UpdatedAt?: Date;
+    interface BooleanMember {
+        Integer?: never;
+        IntegerList?: never;
+        Double?: never;
+        String?: never;
+        StringList?: never;
+        Boolean: boolean;
+        Enum?: never;
+        EnumList?: never;
+        $unknown?: never;
+    }
     /**
      * @public
      * <p>
-     *          The reason for updating the enablement status of a control in a specified standard.
-     *       </p>
+     *             A control parameter that is an enum.
+     *         </p>
      */
-    UpdatedReason?: string;
+    interface EnumMember {
+        Integer?: never;
+        IntegerList?: never;
+        Double?: never;
+        String?: never;
+        StringList?: never;
+        Boolean?: never;
+        Enum: string;
+        EnumList?: never;
+        $unknown?: never;
+    }
     /**
      * @public
      * <p>
-     *          The title of a control. This field may reference a specific standard.
-     *       </p>
+     *             A control parameter that is a list of enums.
+     *         </p>
      */
-    StandardsControlTitle?: string;
+    interface EnumListMember {
+        Integer?: never;
+        IntegerList?: never;
+        Double?: never;
+        String?: never;
+        StringList?: never;
+        Boolean?: never;
+        Enum?: never;
+        EnumList: string[];
+        $unknown?: never;
+    }
+    /**
+     * @public
+     */
+    interface $UnknownMember {
+        Integer?: never;
+        IntegerList?: never;
+        Double?: never;
+        String?: never;
+        StringList?: never;
+        Boolean?: never;
+        Enum?: never;
+        EnumList?: never;
+        $unknown: [string, any];
+    }
+    interface Visitor<T> {
+        Integer: (value: number) => T;
+        IntegerList: (value: number[]) => T;
+        Double: (value: number) => T;
+        String: (value: string) => T;
+        StringList: (value: string[]) => T;
+        Boolean: (value: boolean) => T;
+        Enum: (value: string) => T;
+        EnumList: (value: string[]) => T;
+        _: (name: string, value: any) => T;
+    }
+    const visit: <T>(value: ParameterValue, visitor: Visitor<T>) => T;
+}
+/**
+ * @public
+ * @enum
+ */
+export declare const ParameterValueType: {
+    readonly CUSTOM: "CUSTOM";
+    readonly DEFAULT: "DEFAULT";
+};
+/**
+ * @public
+ */
+export type ParameterValueType = (typeof ParameterValueType)[keyof typeof ParameterValueType];
+/**
+ * @public
+ * <p>
+ *             An object that provides the current value of a security control parameter and identifies whether it has been customized.
+ *         </p>
+ */
+export interface ParameterConfiguration {
     /**
      * @public
      * <p>
-     *          The description of a control. This typically summarizes how Security Hub evaluates the control and the
-     *          conditions under which it produces a failed finding. This parameter may reference a specific standard.
-     *       </p>
+     *             Identifies whether a control parameter uses a custom user-defined value or the Security Hub default value.
+     *         </p>
      */
-    StandardsControlDescription?: string;
+    ValueType: ParameterValueType | undefined;
     /**
      * @public
-     * <p> Provides the input parameter that Security Hub uses to call the <a href="https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateStandardsControl.html">UpdateStandardsControl</a> API. This API can be used to enable or disable a control
-     *          in a specified standard. </p>
+     * <p>
+     *             The current value of a control parameter.
+     *         </p>
      */
-    StandardsControlArns?: string[];
+    Value?: ParameterValue;
 }
 /**
  * @public
- * <p> Provides details about which
- *          control's enablement status couldn't be retrieved in a specified standard when calling <a href="https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html">BatchUpdateStandardsControlAssociations</a>. This parameter also provides details
- *          about why the request was unprocessed. </p>
+ * @enum
  */
-export interface UnprocessedStandardsControlAssociation {
+export declare const ControlStatus: {
+    readonly DISABLED: "DISABLED";
+    readonly ENABLED: "ENABLED";
+};
+/**
+ * @public
+ */
+export type ControlStatus = (typeof ControlStatus)[keyof typeof ControlStatus];
+/**
+ * @public
+ * @enum
+ */
+export declare const SeverityRating: {
+    readonly CRITICAL: "CRITICAL";
+    readonly HIGH: "HIGH";
+    readonly LOW: "LOW";
+    readonly MEDIUM: "MEDIUM";
+};
+/**
+ * @public
+ */
+export type SeverityRating = (typeof SeverityRating)[keyof typeof SeverityRating];
+/**
+ * @public
+ * @enum
+ */
+export declare const UpdateStatus: {
+    readonly READY: "READY";
+    readonly UPDATING: "UPDATING";
+};
+/**
+ * @public
+ */
+export type UpdateStatus = (typeof UpdateStatus)[keyof typeof UpdateStatus];
+/**
+ * @public
+ * <p>
+ *          A security control in Security Hub describes a security best practice related to a specific resource.
+ *       </p>
+ */
+export interface SecurityControl {
     /**
      * @public
-     * <p> An array with one or more objects that includes a security control (identified with
-     *             <code>SecurityControlId</code>, <code>SecurityControlArn</code>, or a mix of both
-     *          parameters) and the Amazon Resource Name (ARN) of a standard. This parameter shows the
-     *          specific controls for which the enablement status couldn't be retrieved in specified standards when
-     *          calling <a href="https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html">BatchUpdateStandardsControlAssociations</a>. </p>
+     * <p>
+     *          The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Service name and a
+     *          number, such as APIGateway.3.
+     *       </p>
      */
-    StandardsControlAssociationId: StandardsControlAssociationId | undefined;
+    SecurityControlId: string | undefined;
     /**
      * @public
-     * <p>The error code for the unprocessed standard and control association.
+     * <p> The Amazon Resource Name (ARN) for a security control across standards, such as
+     *             <code>arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1</code>. This
+     *          parameter doesn't mention a specific standard. </p>
+     */
+    SecurityControlArn: string | undefined;
+    /**
+     * @public
+     * <p>The title of a security control.
      *       </p>
      */
-    ErrorCode: UnprocessedErrorCode | undefined;
+    Title: string | undefined;
     /**
      * @public
-     * <p>The reason why the standard and control association was unprocessed. </p>
+     * <p> The description of a security control across standards. This typically summarizes how
+     *             Security Hub evaluates the control and the conditions under which it produces a
+     *          failed finding. This parameter doesn't reference a specific standard. </p>
      */
-    ErrorReason?: string;
-}
-/**
- * @public
- */
-export interface BatchGetStandardsControlAssociationsResponse {
+    Description: string | undefined;
     /**
      * @public
-     * <p>Provides the enablement status of a security control in a specified standard and other details for the control in relation to
-     *          the specified standard.
+     * <p>
+     *          A link to Security Hub documentation that explains how to remediate a failed finding for a security control.
      *       </p>
      */
-    StandardsControlAssociationDetails: StandardsControlAssociationDetail[] | undefined;
+    RemediationUrl: string | undefined;
     /**
      * @public
      * <p>
-     *          A security control (identified with <code>SecurityControlId</code>, <code>SecurityControlArn</code>, or a mix of both parameters) whose enablement
-     *          status in a specified standard cannot be returned.
+     *          The severity of a security control. For more information about how Security Hub determines control severity, see
+     *          <a href="https://docs.aws.amazon.com/securityhub/latest/userguide/controls-findings-create-update.html#control-findings-severity">Assigning severity to control findings</a> in the
+     *          <i>Security Hub User Guide</i>.
      *       </p>
      */
-    UnprocessedAssociations?: UnprocessedStandardsControlAssociation[];
-}
-/**
- * @public
- */
-export interface BatchImportFindingsRequest {
+    SeverityRating: SeverityRating | undefined;
     /**
      * @public
-     * <p>A list of findings to import. To successfully import a finding, it must follow the
-     *             <a href="https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html">Amazon Web Services Security Finding Format</a>. Maximum of 100 findings per request.</p>
+     * <p>
+     *          The enablement status of a security control in a specific standard.
+     *       </p>
      */
-    Findings: AwsSecurityFinding[] | undefined;
-}
-/**
- * @public
- * <p>The list of the findings that cannot be imported. For each finding, the list provides
- *          the error.</p>
- */
-export interface ImportFindingsError {
+    SecurityControlStatus: ControlStatus | undefined;
     /**
      * @public
-     * <p>The identifier of the finding that could not be updated.</p>
+     * <p>
+     *             Identifies whether customizable properties of a security control are reflected in Security Hub findings. A status of
+     * <code>READY</code> indicates findings include the current parameter values. A status of <code>UPDATING</code> indicates that
+     * all findings may not include the current parameter values.
+     *         </p>
      */
-    Id: string | undefined;
+    UpdateStatus?: UpdateStatus;
     /**
      * @public
-     * <p>The code of the error returned by the <code>BatchImportFindings</code> operation.</p>
+     * <p>
+     *             An object that identifies the name of a control parameter, its current value, and whether it has been customized.
+     *         </p>
      */
-    ErrorCode: string | undefined;
+    Parameters?: Record<string, ParameterConfiguration>;
     /**
      * @public
-     * <p>The message of the error returned by the <code>BatchImportFindings</code>
-     *          operation.</p>
+     * <p>
+     *             The most recent reason for updating the customizable properties of a security control. This differs from the
+     *             <code>UpdateReason</code> field of the <a href="https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html">
+     *                <code>BatchUpdateStandardsControlAssociations</code>
+     *             </a> API, which tracks the
+     *             reason for updating the enablement status of a control. This field accepts alphanumeric
+     *             characters in addition to white spaces, dashes, and underscores.
+     *         </p>
      */
-    ErrorMessage: string | undefined;
+    LastUpdateReason?: string;
 }
 /**
  * @public
+ * @enum
  */
-export interface BatchImportFindingsResponse {
+export declare const UnprocessedErrorCode: {
+    readonly ACCESS_DENIED: "ACCESS_DENIED";
+    readonly INVALID_INPUT: "INVALID_INPUT";
+    readonly LIMIT_EXCEEDED: "LIMIT_EXCEEDED";
+    readonly NOT_FOUND: "NOT_FOUND";
+};
+/**
+ * @public
+ */
+export type UnprocessedErrorCode = (typeof UnprocessedErrorCode)[keyof typeof UnprocessedErrorCode];
+/**
+ * @public
+ * <p> Provides details about a security control for which a response couldn't be returned. </p>
+ */
+export interface UnprocessedSecurityControl {
     /**
      * @public
-     * <p>The number of findings that failed to import.</p>
+     * <p> The control (identified with <code>SecurityControlId</code>,
+     *             <code>SecurityControlArn</code>, or a mix of both parameters) for which a response
+     *          couldn't be returned. </p>
      */
-    FailedCount: number | undefined;
+    SecurityControlId: string | undefined;
     /**
      * @public
-     * <p>The number of findings that were successfully imported.</p>
+     * <p>
+     *          The error code for the unprocessed security control.
+     *       </p>
      */
-    SuccessCount: number | undefined;
+    ErrorCode: UnprocessedErrorCode | undefined;
     /**
      * @public
-     * <p>The list of findings that failed to import.</p>
+     * <p>
+     *          The reason why the security control was unprocessed.
+     *       </p>
      */
-    FailedFindings?: ImportFindingsError[];
+    ErrorReason?: string;
 }
 /**
  * @public
- * <p>
- *          Specifies the parameters to update in an existing automation rule.
- *       </p>
  */
-export interface UpdateAutomationRulesRequestItem {
+export interface BatchGetSecurityControlsResponse {
     /**
      * @public
      * <p>
-     *          The Amazon Resource Name (ARN) for the rule.
+     *          An array that returns the identifier, Amazon Resource Name (ARN), and other details about a security control.
+     *          The same information is returned whether the request includes <code>SecurityControlId</code> or <code>SecurityControlArn</code>.
      *       </p>
      */
-    RuleArn: string | undefined;
+    SecurityControls: SecurityControl[] | undefined;
     /**
      * @public
      * <p>
-     *          Whether the rule is active after it is created. If
-     *          this parameter is equal to <code>ENABLED</code>, Security Hub starts applying the rule to findings
-     *          and finding updates after the rule is created. To change the value of this
+     *          A security control (identified with <code>SecurityControlId</code>, <code>SecurityControlArn</code>, or a mix of both parameters) for which
+     *          details cannot be returned.
+     *       </p>
+     */
+    UnprocessedIds?: UnprocessedSecurityControl[];
+}
+/**
+ * @public
+ * <p>
+ *          An array with one or more objects that includes a security control (identified with <code>SecurityControlId</code>, <code>SecurityControlArn</code>, or a mix of both parameters)
+ *          and the Amazon Resource Name (ARN) of a standard. The security control ID or ARN is the same across standards.
+ *       </p>
+ */
+export interface StandardsControlAssociationId {
+    /**
+     * @public
+     * <p>
+     *          The unique identifier (identified with <code>SecurityControlId</code>, <code>SecurityControlArn</code>, or a mix of both parameters) of a security
+     *          control across standards.
+     *       </p>
+     */
+    SecurityControlId: string | undefined;
+    /**
+     * @public
+     * <p>
+     *          The ARN of a standard.
+     *       </p>
+     */
+    StandardsArn: string | undefined;
+}
+/**
+ * @public
+ */
+export interface BatchGetStandardsControlAssociationsRequest {
+    /**
+     * @public
+     * <p>
+     *          An array with one or more objects that includes a security control (identified with <code>SecurityControlId</code>, <code>SecurityControlArn</code>, or a mix of both parameters) and the Amazon Resource Name (ARN) of a standard.
+     *          This field is used to query the enablement status of a control in a specified standard. The security control ID or ARN is the same across standards.
+     *       </p>
+     */
+    StandardsControlAssociationIds: StandardsControlAssociationId[] | undefined;
+}
+/**
+ * @public
+ * <p> Provides details about a control's enablement status in a specified standard. </p>
+ */
+export interface StandardsControlAssociationDetail {
+    /**
+     * @public
+     * <p>
+     *          The Amazon Resource Name (ARN) of a security standard.
+     *       </p>
+     */
+    StandardsArn: string | undefined;
+    /**
+     * @public
+     * <p>
+     *          The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Service
+     *          name and a number, such as APIGateway.3.
+     *       </p>
+     */
+    SecurityControlId: string | undefined;
+    /**
+     * @public
+     * <p> The ARN of a security control across standards, such as
+     *             <code>arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1</code>. This
+     *          parameter doesn't mention a specific standard. </p>
+     */
+    SecurityControlArn: string | undefined;
+    /**
+     * @public
+     * <p>
+     *          Specifies whether a control is enabled or disabled in a specified standard.
+     *       </p>
+     */
+    AssociationStatus: AssociationStatus | undefined;
+    /**
+     * @public
+     * <p>
+     *          The requirement that underlies a control in the compliance framework related to the standard.
+     *       </p>
+     */
+    RelatedRequirements?: string[];
+    /**
+     * @public
+     * <p>
+     *          The time at which the enablement status of the control in the specified standard was last updated.
+     *       </p>
+     */
+    UpdatedAt?: Date;
+    /**
+     * @public
+     * <p>
+     *          The reason for updating the enablement status of a control in a specified standard.
+     *       </p>
+     */
+    UpdatedReason?: string;
+    /**
+     * @public
+     * <p>
+     *          The title of a control. This field may reference a specific standard.
+     *       </p>
+     */
+    StandardsControlTitle?: string;
+    /**
+     * @public
+     * <p>
+     *          The description of a control. This typically summarizes how Security Hub evaluates the control and the
+     *          conditions under which it produces a failed finding. This parameter may reference a specific standard.
+     *       </p>
+     */
+    StandardsControlDescription?: string;
+    /**
+     * @public
+     * <p> Provides the input parameter that Security Hub uses to call the <a href="https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateStandardsControl.html">UpdateStandardsControl</a> API. This API can be used to enable or disable a control
+     *          in a specified standard. </p>
+     */
+    StandardsControlArns?: string[];
+}
+/**
+ * @public
+ * <p> Provides details about which
+ *          control's enablement status couldn't be retrieved in a specified standard when calling <a href="https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html">BatchUpdateStandardsControlAssociations</a>. This parameter also provides details
+ *          about why the request was unprocessed. </p>
+ */
+export interface UnprocessedStandardsControlAssociation {
+    /**
+     * @public
+     * <p> An array with one or more objects that includes a security control (identified with
+     *             <code>SecurityControlId</code>, <code>SecurityControlArn</code>, or a mix of both
+     *          parameters) and the Amazon Resource Name (ARN) of a standard. This parameter shows the
+     *          specific controls for which the enablement status couldn't be retrieved in specified standards when
+     *          calling <a href="https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html">BatchUpdateStandardsControlAssociations</a>. </p>
+     */
+    StandardsControlAssociationId: StandardsControlAssociationId | undefined;
+    /**
+     * @public
+     * <p>The error code for the unprocessed standard and control association.
+     *       </p>
+     */
+    ErrorCode: UnprocessedErrorCode | undefined;
+    /**
+     * @public
+     * <p>The reason why the standard and control association was unprocessed. </p>
+     */
+    ErrorReason?: string;
+}
+/**
+ * @public
+ */
+export interface BatchGetStandardsControlAssociationsResponse {
+    /**
+     * @public
+     * <p>Provides the enablement status of a security control in a specified standard and other details for the control in relation to
+     *          the specified standard.
+     *       </p>
+     */
+    StandardsControlAssociationDetails: StandardsControlAssociationDetail[] | undefined;
+    /**
+     * @public
+     * <p>
+     *          A security control (identified with <code>SecurityControlId</code>, <code>SecurityControlArn</code>, or a mix of both parameters) whose enablement
+     *          status in a specified standard cannot be returned.
+     *       </p>
+     */
+    UnprocessedAssociations?: UnprocessedStandardsControlAssociation[];
+}
+/**
+ * @public
+ */
+export interface BatchImportFindingsRequest {
+    /**
+     * @public
+     * <p>A list of findings to import. To successfully import a finding, it must follow the
+     *             <a href="https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html">Amazon Web Services Security Finding Format</a>. Maximum of 100 findings per request.</p>
+     */
+    Findings: AwsSecurityFinding[] | undefined;
+}
+/**
+ * @public
+ * <p>The list of the findings that cannot be imported. For each finding, the list provides
+ *          the error.</p>
+ */
+export interface ImportFindingsError {
+    /**
+     * @public
+     * <p>The identifier of the finding that could not be updated.</p>
+     */
+    Id: string | undefined;
+    /**
+     * @public
+     * <p>The code of the error returned by the <code>BatchImportFindings</code> operation.</p>
+     */
+    ErrorCode: string | undefined;
+    /**
+     * @public
+     * <p>The message of the error returned by the <code>BatchImportFindings</code>
+     *          operation.</p>
+     */
+    ErrorMessage: string | undefined;
+}
+/**
+ * @public
+ */
+export interface BatchImportFindingsResponse {
+    /**
+     * @public
+     * <p>The number of findings that failed to import.</p>
+     */
+    FailedCount: number | undefined;
+    /**
+     * @public
+     * <p>The number of findings that were successfully imported.</p>
+     */
+    SuccessCount: number | undefined;
+    /**
+     * @public
+     * <p>The list of findings that failed to import.</p>
+     */
+    FailedFindings?: ImportFindingsError[];
+}
+/**
+ * @public
+ * <p>
+ *          Specifies the parameters to update in an existing automation rule.
+ *       </p>
+ */
+export interface UpdateAutomationRulesRequestItem {
+    /**
+     * @public
+     * <p>
+     *          The Amazon Resource Name (ARN) for the rule.
+     *       </p>
+     */
+    RuleArn: string | undefined;
+    /**
+     * @public
+     * <p>
+     *          Whether the rule is active after it is created. If
+     *          this parameter is equal to <code>ENABLED</code>, Security Hub starts applying the rule to findings
+     *          and finding updates after the rule is created. To change the value of this
      *          parameter after creating a rule, use <a href="https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateAutomationRules.html">
      *                <code>BatchUpdateAutomationRules</code>
      *             </a>.
@@ -3708,15 +4333,468 @@ export interface BatchUpdateStandardsControlAssociationsResponse {
 }
 /**
  * @public
- * @enum
+ * <p>
+ *             The options for customizing a security control parameter with a boolean. For a boolean parameter, the options are
+ *             <code>true</code> and <code>false</code>.
+ *         </p>
  */
-export declare const ControlFindingGenerator: {
-    readonly SECURITY_CONTROL: "SECURITY_CONTROL";
-    readonly STANDARD_CONTROL: "STANDARD_CONTROL";
-};
+export interface BooleanConfigurationOptions {
+    /**
+     * @public
+     * <p>
+     *             The Security Hub default value for a boolean parameter.
+     *         </p>
+     */
+    DefaultValue?: boolean;
+}
 /**
  * @public
- */
+ * <p>
+ *             The options for customizing a security control parameter that is a double.
+ *         </p>
+ */
+export interface DoubleConfigurationOptions {
+    /**
+     * @public
+     * <p>
+     *             The Security Hub default value for a control parameter that is a double.
+     *         </p>
+     */
+    DefaultValue?: number;
+    /**
+     * @public
+     * <p>
+     *             The minimum valid value for a control parameter that is a double.
+     *         </p>
+     */
+    Min?: number;
+    /**
+     * @public
+     * <p>
+     *             The maximum valid value for a control parameter that is a double.
+     *         </p>
+     */
+    Max?: number;
+}
+/**
+ * @public
+ * <p>
+ *             The options for customizing a security control parameter that is an enum.
+ *         </p>
+ */
+export interface EnumConfigurationOptions {
+    /**
+     * @public
+     * <p>
+     *             The Security Hub default value for a control parameter that is an enum.
+     *         </p>
+     */
+    DefaultValue?: string;
+    /**
+     * @public
+     * <p>
+     *             The valid values for a control parameter that is an enum.
+     *         </p>
+     */
+    AllowedValues?: string[];
+}
+/**
+ * @public
+ * <p>
+ *             The options for customizing a security control parameter that is a list of enums.
+ *         </p>
+ */
+export interface EnumListConfigurationOptions {
+    /**
+     * @public
+     * <p>
+     *             The Security Hub default value for a control parameter that is a list of enums.
+     *         </p>
+     */
+    DefaultValue?: string[];
+    /**
+     * @public
+     * <p>
+     *             The maximum number of list items that an enum list control parameter can accept.
+     *         </p>
+     */
+    MaxItems?: number;
+    /**
+     * @public
+     * <p>
+     *             The valid values for a control parameter that is a list of enums.
+     *         </p>
+     */
+    AllowedValues?: string[];
+}
+/**
+ * @public
+ * <p>
+ *             The options for customizing a security control parameter that is an integer.
+ *         </p>
+ */
+export interface IntegerConfigurationOptions {
+    /**
+     * @public
+     * <p>
+     *             The Security Hub default value for a control parameter that is an integer.
+     *         </p>
+     */
+    DefaultValue?: number;
+    /**
+     * @public
+     * <p>
+     *             The minimum valid value for a control parameter that is an integer.
+     *         </p>
+     */
+    Min?: number;
+    /**
+     * @public
+     * <p>
+     *             The maximum valid value for a control parameter that is an integer.
+     *         </p>
+     */
+    Max?: number;
+}
+/**
+ * @public
+ * <p>
+ *             The options for customizing a security control parameter that is a list of integers.
+ *         </p>
+ */
+export interface IntegerListConfigurationOptions {
+    /**
+     * @public
+     * <p>
+     *             The Security Hub default value for a control parameter that is a list of integers.
+     *         </p>
+     */
+    DefaultValue?: number[];
+    /**
+     * @public
+     * <p>
+     *             The minimum valid value for a control parameter that is a list of integers.
+     *         </p>
+     */
+    Min?: number;
+    /**
+     * @public
+     * <p>
+     *             The maximum valid value for a control parameter that is a list of integers.
+     *         </p>
+     */
+    Max?: number;
+    /**
+     * @public
+     * <p>
+     *             The maximum number of list items that an interger list control parameter can accept.
+     *         </p>
+     */
+    MaxItems?: number;
+}
+/**
+ * @public
+ * <p>
+ *             The options for customizing a security control parameter that is a string.
+ *         </p>
+ */
+export interface StringConfigurationOptions {
+    /**
+     * @public
+     * <p>
+     *             The Security Hub default value for a control parameter that is a string.
+     *         </p>
+     */
+    DefaultValue?: string;
+    /**
+     * @public
+     * <p>
+     *             An RE2 regular expression that Security Hub uses to validate a user-provided control parameter string.
+     *         </p>
+     */
+    Re2Expression?: string;
+    /**
+     * @public
+     * <p>
+     *             The description of the RE2 regular expression.
+     *         </p>
+     */
+    ExpressionDescription?: string;
+}
+/**
+ * @public
+ * <p>
+ *             The options for customizing a security control parameter that is a list of strings.
+ *         </p>
+ */
+export interface StringListConfigurationOptions {
+    /**
+     * @public
+     * <p>
+     *             The Security Hub default value for a control parameter that is a list of strings.
+     *         </p>
+     */
+    DefaultValue?: string[];
+    /**
+     * @public
+     * <p>
+     *             An RE2 regular expression that Security Hub uses to validate a user-provided list of strings for a control
+     *             parameter.
+     *         </p>
+     */
+    Re2Expression?: string;
+    /**
+     * @public
+     * <p>
+     *             The maximum number of list items that a string list control parameter can accept.
+     *         </p>
+     */
+    MaxItems?: number;
+    /**
+     * @public
+     * <p>
+     *             The description of the RE2 regular expression.
+     *         </p>
+     */
+    ExpressionDescription?: string;
+}
+/**
+ * @public
+ * <p>
+ *             The options for customizing a security control parameter.
+ *         </p>
+ */
+export type ConfigurationOptions = ConfigurationOptions.BooleanMember | ConfigurationOptions.DoubleMember | ConfigurationOptions.EnumMember | ConfigurationOptions.EnumListMember | ConfigurationOptions.IntegerMember | ConfigurationOptions.IntegerListMember | ConfigurationOptions.StringMember | ConfigurationOptions.StringListMember | ConfigurationOptions.$UnknownMember;
+/**
+ * @public
+ */
+export declare namespace ConfigurationOptions {
+    /**
+     * @public
+     * <p>
+     *             The options for customizing a security control parameter that is an integer.
+     *         </p>
+     */
+    interface IntegerMember {
+        Integer: IntegerConfigurationOptions;
+        IntegerList?: never;
+        Double?: never;
+        String?: never;
+        StringList?: never;
+        Boolean?: never;
+        Enum?: never;
+        EnumList?: never;
+        $unknown?: never;
+    }
+    /**
+     * @public
+     * <p>
+     *             The options for customizing a security control parameter that is a list of integers.
+     *         </p>
+     */
+    interface IntegerListMember {
+        Integer?: never;
+        IntegerList: IntegerListConfigurationOptions;
+        Double?: never;
+        String?: never;
+        StringList?: never;
+        Boolean?: never;
+        Enum?: never;
+        EnumList?: never;
+        $unknown?: never;
+    }
+    /**
+     * @public
+     * <p>
+     *             The options for customizing a security control parameter that is a double.
+     *         </p>
+     */
+    interface DoubleMember {
+        Integer?: never;
+        IntegerList?: never;
+        Double: DoubleConfigurationOptions;
+        String?: never;
+        StringList?: never;
+        Boolean?: never;
+        Enum?: never;
+        EnumList?: never;
+        $unknown?: never;
+    }
+    /**
+     * @public
+     * <p>
+     *             The options for customizing a security control parameter that is a string data type.
+     *         </p>
+     */
+    interface StringMember {
+        Integer?: never;
+        IntegerList?: never;
+        Double?: never;
+        String: StringConfigurationOptions;
+        StringList?: never;
+        Boolean?: never;
+        Enum?: never;
+        EnumList?: never;
+        $unknown?: never;
+    }
+    /**
+     * @public
+     * <p>
+     *             The options for customizing a security control parameter that is a list of strings.
+     *         </p>
+     */
+    interface StringListMember {
+        Integer?: never;
+        IntegerList?: never;
+        Double?: never;
+        String?: never;
+        StringList: StringListConfigurationOptions;
+        Boolean?: never;
+        Enum?: never;
+        EnumList?: never;
+        $unknown?: never;
+    }
+    /**
+     * @public
+     * <p>
+     *             The options for customizing a security control parameter that is a boolean. For a boolean parameter, the options are
+     *             <code>true</code> and <code>false</code>.
+     *         </p>
+     */
+    interface BooleanMember {
+        Integer?: never;
+        IntegerList?: never;
+        Double?: never;
+        String?: never;
+        StringList?: never;
+        Boolean: BooleanConfigurationOptions;
+        Enum?: never;
+        EnumList?: never;
+        $unknown?: never;
+    }
+    /**
+     * @public
+     * <p>
+     *             The options for customizing a security control parameter that is an enum.
+     *         </p>
+     */
+    interface EnumMember {
+        Integer?: never;
+        IntegerList?: never;
+        Double?: never;
+        String?: never;
+        StringList?: never;
+        Boolean?: never;
+        Enum: EnumConfigurationOptions;
+        EnumList?: never;
+        $unknown?: never;
+    }
+    /**
+     * @public
+     * <p>
+     *             The options for customizing a security control parameter that is a list of enums.
+     *         </p>
+     */
+    interface EnumListMember {
+        Integer?: never;
+        IntegerList?: never;
+        Double?: never;
+        String?: never;
+        StringList?: never;
+        Boolean?: never;
+        Enum?: never;
+        EnumList: EnumListConfigurationOptions;
+        $unknown?: never;
+    }
+    /**
+     * @public
+     */
+    interface $UnknownMember {
+        Integer?: never;
+        IntegerList?: never;
+        Double?: never;
+        String?: never;
+        StringList?: never;
+        Boolean?: never;
+        Enum?: never;
+        EnumList?: never;
+        $unknown: [string, any];
+    }
+    interface Visitor<T> {
+        Integer: (value: IntegerConfigurationOptions) => T;
+        IntegerList: (value: IntegerListConfigurationOptions) => T;
+        Double: (value: DoubleConfigurationOptions) => T;
+        String: (value: StringConfigurationOptions) => T;
+        StringList: (value: StringListConfigurationOptions) => T;
+        Boolean: (value: BooleanConfigurationOptions) => T;
+        Enum: (value: EnumConfigurationOptions) => T;
+        EnumList: (value: EnumListConfigurationOptions) => T;
+        _: (name: string, value: any) => T;
+    }
+    const visit: <T>(value: ConfigurationOptions, visitor: Visitor<T>) => T;
+}
+/**
+ * @public
+ * <p>
+ *             An object that contains the details of an Security Hub configuration policy that’s returned in a
+ *             <code>ListConfigurationPolicies</code> request.
+ *         </p>
+ */
+export interface ConfigurationPolicySummary {
+    /**
+     * @public
+     * <p>
+     *             The Amazon Resource Name (ARN) of the configuration policy.
+     *         </p>
+     */
+    Arn?: string;
+    /**
+     * @public
+     * <p>
+     *             The universally unique identifier (UUID) of the configuration policy.
+     *         </p>
+     */
+    Id?: string;
+    /**
+     * @public
+     * <p>
+     *             The name of the configuration policy.
+     *         </p>
+     */
+    Name?: string;
+    /**
+     * @public
+     * <p>
+     *             The description of the configuration policy.
+     *         </p>
+     */
+    Description?: string;
+    /**
+     * @public
+     * <p>
+     *             The date and time, in UTC and ISO 8601 format, that the configuration policy was last updated.
+     *         </p>
+     */
+    UpdatedAt?: Date;
+    /**
+     * @public
+     * <p>
+     *             Indicates whether the service that the configuration policy applies to is enabled in the policy.
+     *         </p>
+     */
+    ServiceEnabled?: boolean;
+}
+/**
+ * @public
+ * @enum
+ */
+export declare const ControlFindingGenerator: {
+    readonly SECURITY_CONTROL: "SECURITY_CONTROL";
+    readonly STANDARD_CONTROL: "STANDARD_CONTROL";
+};
+/**
+ * @public
+ */
 export type ControlFindingGenerator = (typeof ControlFindingGenerator)[keyof typeof ControlFindingGenerator];
 /**
  * @public
@@ -3744,105 +4822,330 @@ export interface CreateActionTargetRequest {
 export interface CreateActionTargetResponse {
     /**
      * @public
-     * <p>The Amazon Resource Name (ARN) for the custom action target.</p>
+     * <p>The Amazon Resource Name (ARN) for the custom action target.</p>
+     */
+    ActionTargetArn: string | undefined;
+}
+/**
+ * @public
+ * <p>The resource specified in the request conflicts with an existing resource.</p>
+ */
+export declare class ResourceConflictException extends __BaseException {
+    readonly name: "ResourceConflictException";
+    readonly $fault: "client";
+    Message?: string;
+    Code?: string;
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<ResourceConflictException, __BaseException>);
+}
+/**
+ * @public
+ */
+export interface CreateAutomationRuleRequest {
+    /**
+     * @public
+     * <p>
+     *             User-defined tags associated with an automation rule.
+     *         </p>
+     */
+    Tags?: Record<string, string>;
+    /**
+     * @public
+     * <p>
+     *          Whether the rule is active after it is created. If
+     *          this parameter is equal to <code>ENABLED</code>, Security Hub starts applying the rule to findings
+     *          and finding updates after the rule is created. To change the value of this
+     *          parameter after creating a rule, use <a href="https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateAutomationRules.html">
+     *                <code>BatchUpdateAutomationRules</code>
+     *             </a>.
+     *       </p>
+     */
+    RuleStatus?: RuleStatus;
+    /**
+     * @public
+     * <p>An integer ranging from 1 to 1000 that represents the order in which the rule action is
+     *          applied to findings. Security Hub applies rules with lower values for this parameter
+     *          first. </p>
+     */
+    RuleOrder: number | undefined;
+    /**
+     * @public
+     * <p>
+     *          The name of the rule.
+     *       </p>
+     */
+    RuleName: string | undefined;
+    /**
+     * @public
+     * <p>
+     *          A description of the rule.
+     *       </p>
+     */
+    Description: string | undefined;
+    /**
+     * @public
+     * <p>Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding
+     *             matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches
+     *             the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
+     *         </p>
+     */
+    IsTerminal?: boolean;
+    /**
+     * @public
+     * <p>
+     *          A set of ASFF finding field attributes and corresponding expected values that
+     *          Security Hub uses to filter findings. If a rule is enabled and a finding matches the conditions specified in
+     *          this parameter, Security Hub applies the rule action to the finding.
+     *       </p>
+     */
+    Criteria: AutomationRulesFindingFilters | undefined;
+    /**
+     * @public
+     * <p>
+     *          One or more actions to update finding fields if a finding matches the conditions
+     *          specified in <code>Criteria</code>.
+     *       </p>
+     */
+    Actions: AutomationRulesAction[] | undefined;
+}
+/**
+ * @public
+ */
+export interface CreateAutomationRuleResponse {
+    /**
+     * @public
+     * <p>
+     *          The Amazon Resource Name (ARN) of the automation rule that you created.
+     *       </p>
+     */
+    RuleArn?: string;
+}
+/**
+ * @public
+ * <p>
+ *             A list of security controls and control parameter values that are included in a configuration policy.
+ *         </p>
+ */
+export interface SecurityControlCustomParameter {
+    /**
+     * @public
+     * <p>
+     *             The ID of the security control.
+     *         </p>
+     */
+    SecurityControlId?: string;
+    /**
+     * @public
+     * <p>
+     *             An object that specifies parameter values for a control in a configuration policy.
+     *         </p>
+     */
+    Parameters?: Record<string, ParameterConfiguration>;
+}
+/**
+ * @public
+ * <p>
+ *             An object that defines which security controls are enabled in an Security Hub configuration policy.
+ *             The enablement status of a control is aligned across all of the enabled standards in an account.
+ *         </p>
+ */
+export interface SecurityControlsConfiguration {
+    /**
+     * @public
+     * <p>
+     *             A list of security controls that are enabled in the configuration policy. Security Hub disables all other
+     *             controls (including newly released controls) other than the listed controls.
+     *         </p>
+     */
+    EnabledSecurityControlIdentifiers?: string[];
+    /**
+     * @public
+     * <p>
+     *             A list of security controls that are disabled in the configuration policy. Security Hub enables all other
+     *             controls (including newly released controls) other than the listed controls.
+     *         </p>
+     */
+    DisabledSecurityControlIdentifiers?: string[];
+    /**
+     * @public
+     * <p>
+     *             A list of security controls and control parameter values that are included in a configuration policy.
+     *         </p>
+     */
+    SecurityControlCustomParameters?: SecurityControlCustomParameter[];
+}
+/**
+ * @public
+ * <p>
+ *             An object that defines how Security Hub is configured. The configuration policy includes whether
+ *             Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or
+ *             disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration
+ *             policy, Security Hub disables all other controls (including newly released controls). If you provide a
+ *             list of security controls that are disabled in the configuration policy, Security Hub enables all other
+ *             controls (including newly released controls).
+ *         </p>
+ */
+export interface SecurityHubPolicy {
+    /**
+     * @public
+     * <p>
+     *             Indicates whether Security Hub is enabled in the policy.
+     *         </p>
+     */
+    ServiceEnabled?: boolean;
+    /**
+     * @public
+     * <p>
+     *             A list that defines which security standards are enabled in the configuration policy.
+     *         </p>
+     */
+    EnabledStandardIdentifiers?: string[];
+    /**
+     * @public
+     * <p>
+     *             An object that defines which security controls are enabled in the configuration policy. The enablement status
+     *             of a control is aligned across all of the enabled standards in an account.
+     *         </p>
+     */
+    SecurityControlsConfiguration?: SecurityControlsConfiguration;
+}
+/**
+ * @public
+ * <p>
+ *             An object that defines how Security Hub is configured. It includes whether Security Hub is
+ *             enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls.
+ *             If you provide a list of security controls that are enabled in the configuration policy, Security Hub
+ *             disables all other controls (including newly released controls). If you provide a list of security controls that
+ *             are disabled in the configuration policy, Security Hub enables all other controls (including newly
+ *             released controls).
+ *         </p>
+ */
+export type Policy = Policy.SecurityHubMember | Policy.$UnknownMember;
+/**
+ * @public
+ */
+export declare namespace Policy {
+    /**
+     * @public
+     * <p>
+     *             The Amazon Web Service that the configuration policy applies to.
+     *         </p>
+     */
+    interface SecurityHubMember {
+        SecurityHub: SecurityHubPolicy;
+        $unknown?: never;
+    }
+    /**
+     * @public
      */
-    ActionTargetArn: string | undefined;
+    interface $UnknownMember {
+        SecurityHub?: never;
+        $unknown: [string, any];
+    }
+    interface Visitor<T> {
+        SecurityHub: (value: SecurityHubPolicy) => T;
+        _: (name: string, value: any) => T;
+    }
+    const visit: <T>(value: Policy, visitor: Visitor<T>) => T;
 }
 /**
  * @public
- * <p>The resource specified in the request conflicts with an existing resource.</p>
  */
-export declare class ResourceConflictException extends __BaseException {
-    readonly name: "ResourceConflictException";
-    readonly $fault: "client";
-    Message?: string;
-    Code?: string;
+export interface CreateConfigurationPolicyRequest {
     /**
-     * @internal
+     * @public
+     * <p>
+     *             The name of the configuration policy.
+     *         </p>
      */
-    constructor(opts: __ExceptionOptionType<ResourceConflictException, __BaseException>);
-}
-/**
- * @public
- */
-export interface CreateAutomationRuleRequest {
+    Name: string | undefined;
     /**
      * @public
      * <p>
-     *             User-defined tags that help you label the purpose of a rule.
+     *             The description of the configuration policy.
      *         </p>
      */
-    Tags?: Record<string, string>;
+    Description?: string;
     /**
      * @public
      * <p>
-     *          Whether the rule is active after it is created. If
-     *          this parameter is equal to <code>ENABLED</code>, Security Hub starts applying the rule to findings
-     *          and finding updates after the rule is created. To change the value of this
-     *          parameter after creating a rule, use <a href="https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateAutomationRules.html">
-     *                <code>BatchUpdateAutomationRules</code>
-     *             </a>.
-     *       </p>
+     *             An object that defines how Security Hub is configured. It includes whether Security Hub is enabled or
+     *             disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls.
+     *             If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly
+     *             released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub
+     *             enables all other controls (including newly released controls).
+     *         </p>
      */
-    RuleStatus?: RuleStatus;
+    ConfigurationPolicy: Policy | undefined;
     /**
      * @public
-     * <p>An integer ranging from 1 to 1000 that represents the order in which the rule action is
-     *          applied to findings. Security Hub applies rules with lower values for this parameter
-     *          first. </p>
+     * <p>
+     *             User-defined tags associated with a configuration policy. For more information, see
+     *             <a href="https://docs.aws.amazon.com/securityhub/latest/userguide/tagging-resources.html">Tagging Security Hub resources</a>
+     *             in the <i>Security Hub user guide</i>.
+     *         </p>
      */
-    RuleOrder: number | undefined;
+    Tags?: Record<string, string>;
+}
+/**
+ * @public
+ */
+export interface CreateConfigurationPolicyResponse {
     /**
      * @public
      * <p>
-     *          The name of the rule.
-     *       </p>
+     *             The Amazon Resource Name (ARN) of the configuration policy.
+     *         </p>
      */
-    RuleName: string | undefined;
+    Arn?: string;
     /**
      * @public
      * <p>
-     *          A description of the rule.
-     *       </p>
+     *             The universally unique identifier (UUID) of the configuration policy.
+     *         </p>
      */
-    Description: string | undefined;
+    Id?: string;
     /**
      * @public
-     * <p>Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding
-     *             matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches
-     *             the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
+     * <p>
+     *             The name of the configuration policy.
      *         </p>
      */
-    IsTerminal?: boolean;
+    Name?: string;
     /**
      * @public
      * <p>
-     *          A set of ASFF finding field attributes and corresponding expected values that
-     *          Security Hub uses to filter findings. If a rule is enabled and a finding matches the conditions specified in
-     *          this parameter, Security Hub applies the rule action to the finding.
-     *       </p>
+     *             The description of the configuration policy.
+     *         </p>
      */
-    Criteria: AutomationRulesFindingFilters | undefined;
+    Description?: string;
     /**
      * @public
      * <p>
-     *          One or more actions to update finding fields if a finding matches the conditions
-     *          specified in <code>Criteria</code>.
-     *       </p>
+     *             The date and time, in UTC and ISO 8601 format, that the configuration policy was last updated.
+     *         </p>
      */
-    Actions: AutomationRulesAction[] | undefined;
-}
-/**
- * @public
- */
-export interface CreateAutomationRuleResponse {
+    UpdatedAt?: Date;
     /**
      * @public
      * <p>
-     *          The Amazon Resource Name (ARN) of the automation rule that you created.
-     *       </p>
+     *             The date and time, in UTC and ISO 8601 format, that the configuration policy was created.
+     *         </p>
      */
-    RuleArn?: string;
+    CreatedAt?: Date;
+    /**
+     * @public
+     * <p>
+     *             An object that defines how Security Hub is configured. It includes whether Security Hub is enabled or disabled, a
+     *             list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls.
+     *             If the request included a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly
+     *             released controls). If the request included a list of security controls that are disabled in the configuration policy,
+     *             Security Hub enables all other controls (including newly released controls).
+     *         </p>
+     */
+    ConfigurationPolicy?: Policy;
 }
 /**
  * @public
@@ -3977,6 +5280,17 @@ export interface CreateMembersResponse {
      */
     UnprocessedAccounts?: Result[];
 }
+/**
+ * @public
+ * @enum
+ */
+export declare const SecurityControlProperty: {
+    readonly Parameters: "Parameters";
+};
+/**
+ * @public
+ */
+export type SecurityControlProperty = (typeof SecurityControlProperty)[keyof typeof SecurityControlProperty];
 /**
  * @public
  */
@@ -4018,6 +5332,23 @@ export interface DeleteActionTargetResponse {
      */
     ActionTargetArn: string | undefined;
 }
+/**
+ * @public
+ */
+export interface DeleteConfigurationPolicyRequest {
+    /**
+     * @public
+     * <p>
+     *             The Amazon Resource Name (ARN) or universally unique identifier (UUID) of the configuration policy.
+     *         </p>
+     */
+    Identifier: string | undefined;
+}
+/**
+ * @public
+ */
+export interface DeleteConfigurationPolicyResponse {
+}
 /**
  * @public
  */
@@ -4187,15 +5518,88 @@ export interface DescribeHubResponse {
  */
 export interface DescribeOrganizationConfigurationRequest {
 }
+/**
+ * @public
+ * @enum
+ */
+export declare const OrganizationConfigurationConfigurationType: {
+    readonly CENTRAL: "CENTRAL";
+    readonly LOCAL: "LOCAL";
+};
+/**
+ * @public
+ */
+export type OrganizationConfigurationConfigurationType = (typeof OrganizationConfigurationConfigurationType)[keyof typeof OrganizationConfigurationConfigurationType];
+/**
+ * @public
+ * @enum
+ */
+export declare const OrganizationConfigurationStatus: {
+    readonly ENABLED: "ENABLED";
+    readonly FAILED: "FAILED";
+    readonly PENDING: "PENDING";
+};
+/**
+ * @public
+ */
+export type OrganizationConfigurationStatus = (typeof OrganizationConfigurationStatus)[keyof typeof OrganizationConfigurationStatus];
+/**
+ * @public
+ * <p>
+ *             Provides information about the way an organization is configured in Security Hub.
+ *         </p>
+ */
+export interface OrganizationConfiguration {
+    /**
+     * @public
+     * <p>
+     *             Indicates whether the organization uses local or central configuration.
+     *         </p>
+     *          <p>If you use local configuration, the
+     *             Security Hub delegated administrator can set <code>AutoEnable</code> to <code>true</code> and
+     *             <code>AutoEnableStandards</code> to <code>DEFAULT</code>. This automatically enables Security Hub and
+     *             default security standards in new organization accounts. These new account settings must be set separately in
+     *             each Amazon Web Services Region, and settings may be different in each Region.
+     *         </p>
+     *          <p>
+     *             If you use central configuration, the delegated administrator can create configuration policies. Configuration
+     *             policies can be used to configure Security Hub, security standards, and security controls in multiple
+     *             accounts and Regions. If you want new organization accounts to use a specific configuration, you can create a
+     *             configuration policy and associate it with the root or specific organizational units (OUs). New accounts will
+     *             inherit the policy from the root or their assigned OU.
+     *         </p>
+     */
+    ConfigurationType?: OrganizationConfigurationConfigurationType;
+    /**
+     * @public
+     * <p>
+     *             Describes whether central configuration could be enabled as the <code>ConfigurationType</code> for the
+     *             organization. If your <code>ConfigurationType</code> is local configuration, then the value of <code>Status</code>
+     *             is always <code>ENABLED</code>.
+     *         </p>
+     */
+    Status?: OrganizationConfigurationStatus;
+    /**
+     * @public
+     * <p>
+     *             Provides an explanation if the value of <code>Status</code> is equal to <code>FAILED</code> when <code>ConfigurationType</code>
+     *             is equal to <code>CENTRAL</code>.
+     *         </p>
+     */
+    StatusMessage?: string;
+}
 /**
  * @public
  */
 export interface DescribeOrganizationConfigurationResponse {
     /**
      * @public
-     * <p>Whether to automatically enable Security Hub for new accounts in the organization.</p>
-     *          <p>If set to <code>true</code>, then Security Hub is enabled for new accounts. If set to false,
-     *          then new accounts are not added automatically.</p>
+     * <p>Whether to automatically enable Security Hub in new member accounts when they join the organization.</p>
+     *          <p>If set to <code>true</code>, then Security Hub is automatically enabled in new accounts. If set to <code>false</code>,
+     *            then Security Hub isn't enabled in new accounts automatically. The default value is <code>false</code>.</p>
+     *          <p>If the <code>ConfigurationType</code> of your organization is set to <code>CENTRAL</code>, then this field is set
+     *            to <code>false</code> and can't be changed in the home Region and linked Regions. However, in that case, the delegated administrator can create a configuration
+     *             policy in which Security Hub is enabled and associate the policy with new organization accounts.</p>
      */
     AutoEnable?: boolean;
     /**
@@ -4207,13 +5611,22 @@ export interface DescribeOrganizationConfigurationResponse {
     /**
      * @public
      * <p>Whether to automatically enable Security Hub <a href="https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html">default standards</a>
-     *          for new member accounts in the organization.</p>
-     *          <p>The default value of this parameter is equal to <code>DEFAULT</code>.</p>
+     *          in new member accounts when they join the organization.</p>
      *          <p>If equal to <code>DEFAULT</code>, then Security Hub default standards are automatically enabled for new member
      *          accounts. If equal to <code>NONE</code>, then default standards are not automatically enabled for new member
-     *          accounts.</p>
+     *           accounts. The default value of this parameter is equal to <code>DEFAULT</code>.</p>
+     *          <p>If the <code>ConfigurationType</code> of your organization is set to <code>CENTRAL</code>, then this field is set
+     *            to <code>NONE</code> and can't be changed in the home Region and linked Regions. However, in that case, the delegated administrator can create a configuration
+     *             policy in which specific security standards are enabled and associate the policy with new organization accounts.</p>
      */
     AutoEnableStandards?: AutoEnableStandards;
+    /**
+     * @public
+     * <p>
+     *             Provides information about the way an organization is configured in Security Hub.
+     *         </p>
+     */
+    OrganizationConfiguration?: OrganizationConfiguration;
 }
 /**
  * @public
@@ -4858,7 +6271,145 @@ export interface GetAdministratorAccountResponse {
      * @public
      * <p>Details about an invitation.</p>
      */
-    Administrator?: Invitation;
+    Administrator?: Invitation;
+}
+/**
+ * @public
+ */
+export interface GetConfigurationPolicyRequest {
+    /**
+     * @public
+     * <p>
+     *             The Amazon Resource Name (ARN) or universally unique identifier (UUID) of the configuration policy.
+     *         </p>
+     */
+    Identifier: string | undefined;
+}
+/**
+ * @public
+ */
+export interface GetConfigurationPolicyResponse {
+    /**
+     * @public
+     * <p>
+     *             The ARN of the configuration policy.
+     *         </p>
+     */
+    Arn?: string;
+    /**
+     * @public
+     * <p>
+     *             The UUID of the configuration policy.
+     *         </p>
+     */
+    Id?: string;
+    /**
+     * @public
+     * <p>
+     *             The name of the configuration policy.
+     *         </p>
+     */
+    Name?: string;
+    /**
+     * @public
+     * <p>
+     *             The description of the configuration policy.
+     *         </p>
+     */
+    Description?: string;
+    /**
+     * @public
+     * <p>
+     *             The date and time, in UTC and ISO 8601 format, that the configuration policy was last updated.
+     *         </p>
+     */
+    UpdatedAt?: Date;
+    /**
+     * @public
+     * <p>
+     *             The date and time, in UTC and ISO 8601 format, that the configuration policy was created.
+     *         </p>
+     */
+    CreatedAt?: Date;
+    /**
+     * @public
+     * <p>
+     *             An object that defines how Security Hub is configured. It includes whether Security Hub is enabled or
+     *             disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls.
+     *             If the policy includes a list of security controls that are enabled, Security Hub disables all other controls (including newly released controls).
+     *             If the policy includes a list of security controls that are disabled, Security Hub enables all other controls (including
+     *             newly released controls).
+     *         </p>
+     */
+    ConfigurationPolicy?: Policy;
+}
+/**
+ * @public
+ */
+export interface GetConfigurationPolicyAssociationRequest {
+    /**
+     * @public
+     * <p>
+     *             The target account ID, organizational unit ID, or the root ID to retrieve the association for.
+     *         </p>
+     */
+    Target: Target | undefined;
+}
+/**
+ * @public
+ */
+export interface GetConfigurationPolicyAssociationResponse {
+    /**
+     * @public
+     * <p>
+     *             The universally unique identifier (UUID) of a configuration policy. For self-managed behavior, the value is
+     *             <code>SELF_MANAGED_SECURITY_HUB</code>.
+     *         </p>
+     */
+    ConfigurationPolicyId?: string;
+    /**
+     * @public
+     * <p>
+     *             The target account ID, organizational unit ID, or the root ID for which the association is retrieved.
+     *         </p>
+     */
+    TargetId?: string;
+    /**
+     * @public
+     * <p>
+     *             Specifies whether the target is an Amazon Web Services account, organizational unit, or the organization root.
+     *         </p>
+     */
+    TargetType?: TargetType;
+    /**
+     * @public
+     * <p>
+     *             Indicates whether the association between the specified target and the configuration was directly applied by the
+     *             Security Hub delegated administrator or inherited from a parent.
+     *         </p>
+     */
+    AssociationType?: AssociationType;
+    /**
+     * @public
+     * <p>
+     *             The date and time, in UTC and ISO 8601 format, that the configuration policy association was last updated.
+     *         </p>
+     */
+    UpdatedAt?: Date;
+    /**
+     * @public
+     * <p>
+     *             The current status of the association between the specified target and the configuration.
+     *         </p>
+     */
+    AssociationStatus?: ConfigurationPolicyAssociationStatus;
+    /**
+     * @public
+     * <p>
+     *             The explanation for a <code>FAILED</code> value for <code>AssociationStatus</code>.
+     *         </p>
+     */
+    AssociationStatusMessage?: string;
 }
 /**
  * @public
@@ -5369,6 +6920,137 @@ export interface GetMembersResponse {
      */
     UnprocessedAccounts?: Result[];
 }
+/**
+ * @public
+ */
+export interface GetSecurityControlDefinitionRequest {
+    /**
+     * @public
+     * <p>
+     *             The ID of the security control to retrieve the definition for. This field doesn’t accept an Amazon Resource Name (ARN).
+     *         </p>
+     */
+    SecurityControlId: string | undefined;
+}
+/**
+ * @public
+ * @enum
+ */
+export declare const RegionAvailabilityStatus: {
+    readonly AVAILABLE: "AVAILABLE";
+    readonly UNAVAILABLE: "UNAVAILABLE";
+};
+/**
+ * @public
+ */
+export type RegionAvailabilityStatus = (typeof RegionAvailabilityStatus)[keyof typeof RegionAvailabilityStatus];
+/**
+ * @public
+ * <p>
+ *             An object that describes a security control parameter and the options for customizing it.
+ *         </p>
+ */
+export interface ParameterDefinition {
+    /**
+     * @public
+     * <p>
+     *             Description of a control parameter.
+     *         </p>
+     */
+    Description: string | undefined;
+    /**
+     * @public
+     * <p>
+     *             The options for customizing a control parameter. Customization options vary based on the data type of the parameter.
+     *         </p>
+     */
+    ConfigurationOptions: ConfigurationOptions | undefined;
+}
+/**
+ * @public
+ * <p>
+ *          Provides metadata for a security control, including its unique standard-agnostic identifier, title, description,
+ *          severity, availability in Amazon Web Services Regions, and a link to remediation steps.
+ *       </p>
+ */
+export interface SecurityControlDefinition {
+    /**
+     * @public
+     * <p>
+     *          The unique identifier of a security control across standards. Values for this field typically consist of an
+     *          Amazon Web Service name and a number (for example, APIGateway.3). This parameter differs from
+     *          <code>SecurityControlArn</code>, which is a unique Amazon Resource Name (ARN) assigned to a control. The
+     *          ARN references the security control ID (for example, arn:aws:securityhub:eu-central-1:123456789012:security-control/APIGateway.3).
+     *       </p>
+     */
+    SecurityControlId: string | undefined;
+    /**
+     * @public
+     * <p>
+     *          The title of a security control.
+     *       </p>
+     */
+    Title: string | undefined;
+    /**
+     * @public
+     * <p> The description of a security control across standards. This typically summarizes how
+     *             Security Hub evaluates the control and the conditions under which it produces a
+     *          failed finding. This parameter doesn't reference a specific standard. </p>
+     */
+    Description: string | undefined;
+    /**
+     * @public
+     * <p>
+     *          A link to Security Hub documentation that explains how to remediate a failed finding for a security control.
+     *       </p>
+     */
+    RemediationUrl: string | undefined;
+    /**
+     * @public
+     * <p>
+     *          The severity of a security control. For more information about how Security Hub determines control severity,
+     *          see <a href="https://docs.aws.amazon.com/securityhub/latest/userguide/controls-findings-create-update.html#control-findings-severity">Assigning severity to control findings</a> in the
+     *          <i>Security Hub User Guide</i>.
+     *       </p>
+     */
+    SeverityRating: SeverityRating | undefined;
+    /**
+     * @public
+     * <p>
+     *          Specifies whether a security control is available in the current Amazon Web Services Region.
+     *       </p>
+     */
+    CurrentRegionAvailability: RegionAvailabilityStatus | undefined;
+    /**
+     * @public
+     * <p>
+     *             Security control properties that you can customize. Currently, only parameter customization is supported for select
+     *             controls. An empty array is returned for controls that don’t support custom properties.
+     *         </p>
+     */
+    CustomizableProperties?: SecurityControlProperty[];
+    /**
+     * @public
+     * <p>
+     *             An object that provides a security control parameter name, description, and the options for customizing it. This
+     * object is excluded for a control that doesn't support custom parameters.
+     *         </p>
+     */
+    ParameterDefinitions?: Record<string, ParameterDefinition>;
+}
+/**
+ * @public
+ */
+export interface GetSecurityControlDefinitionResponse {
+    /**
+     * @public
+     * <p>
+     *          Provides metadata for a security control, including its unique standard-agnostic identifier, title, description,
+     *          severity, availability in Amazon Web Services Regions, and a link to remediation steps.
+     *       </p>
+     */
+    SecurityControlDefinition: SecurityControlDefinition | undefined;
+}
 /**
  * @public
  */
@@ -5430,6 +7112,110 @@ export interface ListAutomationRulesResponse {
      */
     NextToken?: string;
 }
+/**
+ * @public
+ */
+export interface ListConfigurationPoliciesRequest {
+    /**
+     * @public
+     * <p>
+     *             The NextToken value that's returned from a previous paginated <code>ListConfigurationPolicies</code> request where
+     *             <code>MaxResults</code> was used but the results exceeded the value of that parameter. Pagination continues from the
+     *             <code>MaxResults</code> was used but the results exceeded the value of that parameter. Pagination continues from the
+     *             end of the previous response that returned the <code>NextToken</code> value. This value is <code>null</code> when
+     *             there are no more results to return.
+     *         </p>
+     */
+    NextToken?: string;
+    /**
+     * @public
+     * <p>
+     *             The maximum number of results that's returned by <code>ListConfigurationPolicies</code> in each page of the response.
+     *             When this parameter is used, <code>ListConfigurationPolicies</code> returns the specified number of results in a
+     *             single page and a <code>NextToken</code> response element. You can see the remaining results of the initial request
+     *             by sending another <code>ListConfigurationPolicies</code> request with the returned <code>NextToken</code> value. A
+     *             valid range for <code>MaxResults</code> is between 1 and 100.
+     *         </p>
+     */
+    MaxResults?: number;
+}
+/**
+ * @public
+ */
+export interface ListConfigurationPoliciesResponse {
+    /**
+     * @public
+     * <p>
+     *             Provides metadata for each of your configuration policies.
+     *         </p>
+     */
+    ConfigurationPolicySummaries?: ConfigurationPolicySummary[];
+    /**
+     * @public
+     * <p>
+     *             The <code>NextToken</code> value to include in the next <code>ListConfigurationPolicies</code> request. When the
+     *             results of a <code>ListConfigurationPolicies</code> request exceed <code>MaxResults</code>, this value can be used to
+     *             retrieve the next page of results. This value is <code>null</code> when there are no more results to return.
+     *         </p>
+     */
+    NextToken?: string;
+}
+/**
+ * @public
+ */
+export interface ListConfigurationPolicyAssociationsRequest {
+    /**
+     * @public
+     * <p>
+     *             The <code>NextToken</code> value that's returned from a previous paginated <code>ListConfigurationPolicyAssociations</code>
+     *             request where <code>MaxResults</code> was used but the results exceeded the value of that parameter. Pagination
+     *             continues from the end of the previous response that returned the <code>NextToken</code> value. This value is <code>null</code>
+     *             when there are no more results to return.
+     *         </p>
+     */
+    NextToken?: string;
+    /**
+     * @public
+     * <p>
+     *             The maximum number of results that's returned by <code>ListConfigurationPolicies</code> in each page of the response.
+     *             When this parameter is used, <code>ListConfigurationPolicyAssociations</code> returns the specified number of results
+     *             in a single page and a <code>NextToken</code> response element. You can see the remaining results of the initial
+     *             request by sending another <code>ListConfigurationPolicyAssociations</code> request with the returned <code>NextToken</code>
+     *             value. A valid range for <code>MaxResults</code> is between 1 and 100.
+     *         </p>
+     */
+    MaxResults?: number;
+    /**
+     * @public
+     * <p>
+     *             Options for filtering the <code>ListConfigurationPolicyAssociations</code> response. You can filter by the Amazon Resource Name (ARN) or
+     *             universally unique identifier (UUID) of a configuration, <code>AssociationType</code>, or <code>AssociationStatus</code>.
+     *         </p>
+     */
+    Filters?: AssociationFilters;
+}
+/**
+ * @public
+ */
+export interface ListConfigurationPolicyAssociationsResponse {
+    /**
+     * @public
+     * <p>
+     *             An object that contains the details of each configuration policy association that’s returned in a
+     *             <code>ListConfigurationPolicyAssociations</code> request.
+     *         </p>
+     */
+    ConfigurationPolicyAssociationSummaries?: ConfigurationPolicyAssociationSummary[];
+    /**
+     * @public
+     * <p>
+     *             The <code>NextToken</code> value to include in the next <code>ListConfigurationPolicyAssociations</code> request. When
+     *             the results of a <code>ListConfigurationPolicyAssociations</code> request exceed <code>MaxResults</code>, this value
+     *             can be used to retrieve the next page of results. This value is <code>null</code> when there are no more results to return.
+     *         </p>
+     */
+    NextToken?: string;
+}
 /**
  * @public
  */
@@ -5577,131 +7363,63 @@ export interface ListMembersResponse {
 /**
  * @public
  */
-export interface ListOrganizationAdminAccountsRequest {
-    /**
-     * @public
-     * <p>The maximum number of items to return in the response.</p>
-     */
-    MaxResults?: number;
-    /**
-     * @public
-     * <p>The token that is required for pagination. On your first call to the
-     *             <code>ListOrganizationAdminAccounts</code> operation, set the value of this parameter to
-     *             <code>NULL</code>. For subsequent calls to the operation, to continue listing data, set
-     *          the value of this parameter to the value returned from the previous response. </p>
-     */
-    NextToken?: string;
-}
-/**
- * @public
- */
-export interface ListOrganizationAdminAccountsResponse {
-    /**
-     * @public
-     * <p>The list of Security Hub administrator accounts.</p>
-     */
-    AdminAccounts?: AdminAccount[];
-    /**
-     * @public
-     * <p>The pagination token to use to request the next page of results.</p>
-     */
-    NextToken?: string;
-}
-/**
- * @public
- */
-export interface ListSecurityControlDefinitionsRequest {
-    /**
-     * @public
-     * <p>
-     *          The Amazon Resource Name (ARN) of the standard that you want to view controls for.
-     *       </p>
-     */
-    StandardsArn?: string;
-    /**
-     * @public
-     * <p>
-     *          Optional pagination parameter.
-     *       </p>
-     */
-    NextToken?: string;
-    /**
-     * @public
-     * <p> An optional parameter that limits the total results of the API response to the
-     *          specified number. If this parameter isn't provided in the request, the results include the
-     *          first 25 security controls that apply to the specified standard. The results also include a
-     *             <code>NextToken</code> parameter that you can use in a subsequent API call to get the
-     *          next 25 controls. This repeats until all controls for the standard are returned. </p>
-     */
-    MaxResults?: number;
-}
-/**
- * @public
- * @enum
- */
-export declare const RegionAvailabilityStatus: {
-    readonly AVAILABLE: "AVAILABLE";
-    readonly UNAVAILABLE: "UNAVAILABLE";
-};
-/**
- * @public
- */
-export type RegionAvailabilityStatus = (typeof RegionAvailabilityStatus)[keyof typeof RegionAvailabilityStatus];
-/**
- * @public
- * <p>
- *          Provides metadata for a security control, including its unique standard-agnostic identifier, title, description,
- *          severity, availability in Amazon Web Services Regions, and a link to remediation steps.
- *       </p>
- */
-export interface SecurityControlDefinition {
+export interface ListOrganizationAdminAccountsRequest {
     /**
      * @public
-     * <p>
-     *          The unique identifier of a security control across standards. Values for this field typically consist of an
-     *          Amazon Web Service name and a number (for example, APIGateway.3). This parameter differs from
-     *          <code>SecurityControlArn</code>, which is a unique Amazon Resource Name (ARN) assigned to a control. The
-     *          ARN references the security control ID (for example, arn:aws:securityhub:eu-central-1:123456789012:security-control/APIGateway.3).
-     *       </p>
+     * <p>The maximum number of items to return in the response.</p>
      */
-    SecurityControlId: string | undefined;
+    MaxResults?: number;
     /**
      * @public
-     * <p>
-     *          The title of a security control.
-     *       </p>
+     * <p>The token that is required for pagination. On your first call to the
+     *             <code>ListOrganizationAdminAccounts</code> operation, set the value of this parameter to
+     *             <code>NULL</code>. For subsequent calls to the operation, to continue listing data, set
+     *          the value of this parameter to the value returned from the previous response. </p>
      */
-    Title: string | undefined;
+    NextToken?: string;
+}
+/**
+ * @public
+ */
+export interface ListOrganizationAdminAccountsResponse {
     /**
      * @public
-     * <p> The description of a security control across standards. This typically summarizes how
-     *             Security Hub evaluates the control and the conditions under which it produces a
-     *          failed finding. This parameter doesn't reference a specific standard. </p>
+     * <p>The list of Security Hub administrator accounts.</p>
      */
-    Description: string | undefined;
+    AdminAccounts?: AdminAccount[];
     /**
      * @public
-     * <p>
-     *          A link to Security Hub documentation that explains how to remediate a failed finding for a security control.
-     *       </p>
+     * <p>The pagination token to use to request the next page of results.</p>
      */
-    RemediationUrl: string | undefined;
+    NextToken?: string;
+}
+/**
+ * @public
+ */
+export interface ListSecurityControlDefinitionsRequest {
     /**
      * @public
      * <p>
-     *          The severity of a security control. For more information about how Security Hub determines control severity,
-     *          see <a href="https://docs.aws.amazon.com/securityhub/latest/userguide/controls-findings-create-update.html#control-findings-severity">Assigning severity to control findings</a> in the
-     *          <i>Security Hub User Guide</i>.
+     *          The Amazon Resource Name (ARN) of the standard that you want to view controls for.
      *       </p>
      */
-    SeverityRating: SeverityRating | undefined;
+    StandardsArn?: string;
     /**
      * @public
      * <p>
-     *          Specifies whether a security control is available in the current Amazon Web Services Region.
+     *          Optional pagination parameter.
      *       </p>
      */
-    CurrentRegionAvailability: RegionAvailabilityStatus | undefined;
+    NextToken?: string;
+    /**
+     * @public
+     * <p> An optional parameter that limits the total results of the API response to the
+     *          specified number. If this parameter isn't provided in the request, the results include the
+     *          first 25 security controls that apply to the specified standard. The results also include a
+     *             <code>NextToken</code> parameter that you can use in a subsequent API call to get the
+     *          next 25 controls. This repeats until all controls for the standard are returned. </p>
+     */
+    MaxResults?: number;
 }
 /**
  * @public
@@ -5796,12 +7514,12 @@ export interface StandardsControlAssociationSummary {
     RelatedRequirements?: string[];
     /**
      * @public
-     * <p> The last time that a control's enablement status in a specified standard was updated. </p>
+     * <p>The last time that a control's enablement status in a specified standard was updated.</p>
      */
     UpdatedAt?: Date;
     /**
      * @public
-     * <p> The reason for updating the control's enablement status in a specified standard. </p>
+     * <p>The reason for updating a control's enablement status in a specified standard.</p>
      */
     UpdatedReason?: string;
     /**
@@ -5857,6 +7575,121 @@ export interface ListTagsForResourceResponse {
      */
     Tags?: Record<string, string>;
 }
+/**
+ * @public
+ * <p>
+ *             The request was rejected because it conflicts with the resource's availability. For example, you tried
+ *             to update a security control that's currently in the <code>UPDATING</code> state.
+ *         </p>
+ */
+export declare class ResourceInUseException extends __BaseException {
+    readonly name: "ResourceInUseException";
+    readonly $fault: "client";
+    Message?: string;
+    Code?: string;
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<ResourceInUseException, __BaseException>);
+}
+/**
+ * @public
+ */
+export interface StartConfigurationPolicyAssociationRequest {
+    /**
+     * @public
+     * <p>
+     *             The Amazon Resource Name (ARN) or universally unique identifier (UUID) of the configuration policy.
+     *         </p>
+     */
+    ConfigurationPolicyIdentifier: string | undefined;
+    /**
+     * @public
+     * <p>
+     *             The identifier of the target account, organizational unit, or the root to associate with the specified configuration.
+     *         </p>
+     */
+    Target: Target | undefined;
+}
+/**
+ * @public
+ */
+export interface StartConfigurationPolicyAssociationResponse {
+    /**
+     * @public
+     * <p>
+     *             The UUID of the configuration policy.
+     *         </p>
+     */
+    ConfigurationPolicyId?: string;
+    /**
+     * @public
+     * <p>
+     *             The identifier of the target account, organizational unit, or the organization root with which the configuration is associated.
+     *         </p>
+     */
+    TargetId?: string;
+    /**
+     * @public
+     * <p>
+     *             Indicates whether the target is an Amazon Web Services account, organizational unit, or the organization root.
+     *         </p>
+     */
+    TargetType?: TargetType;
+    /**
+     * @public
+     * <p>
+     *             Indicates whether the association between the specified target and the configuration was directly applied by the
+     *             Security Hub delegated administrator or inherited from a parent.
+     *         </p>
+     */
+    AssociationType?: AssociationType;
+    /**
+     * @public
+     * <p>
+     *             The date and time, in UTC and ISO 8601 format, that the configuration policy association was last updated.
+     *         </p>
+     */
+    UpdatedAt?: Date;
+    /**
+     * @public
+     * <p>
+     *             The current status of the association between the specified target and the configuration.
+     *         </p>
+     */
+    AssociationStatus?: ConfigurationPolicyAssociationStatus;
+    /**
+     * @public
+     * <p>
+     *             An explanation for a <code>FAILED</code> value for <code>AssociationStatus</code>.
+     *         </p>
+     */
+    AssociationStatusMessage?: string;
+}
+/**
+ * @public
+ */
+export interface StartConfigurationPolicyDisassociationRequest {
+    /**
+     * @public
+     * <p>
+     *             The identifier of the target account, organizational unit, or the root to disassociate from the specified configuration.
+     *         </p>
+     */
+    Target?: Target;
+    /**
+     * @public
+     * <p>
+     *             The Amazon Resource Name (ARN) or universally unique identifier (UUID) of the configuration policy.
+     *         </p>
+     */
+    ConfigurationPolicyIdentifier: string | undefined;
+}
+/**
+ * @public
+ */
+export interface StartConfigurationPolicyDisassociationResponse {
+}
 /**
  * @public
  */
@@ -5922,6 +7755,110 @@ export interface UpdateActionTargetRequest {
  */
 export interface UpdateActionTargetResponse {
 }
+/**
+ * @public
+ */
+export interface UpdateConfigurationPolicyRequest {
+    /**
+     * @public
+     * <p>
+     *             The Amazon Resource Name (ARN) or universally unique identifier (UUID) of the configuration policy.
+     *         </p>
+     */
+    Identifier: string | undefined;
+    /**
+     * @public
+     * <p>
+     *             The name of the configuration policy.
+     *         </p>
+     */
+    Name?: string;
+    /**
+     * @public
+     * <p>
+     *             The description of the configuration policy.
+     *         </p>
+     */
+    Description?: string;
+    /**
+     * @public
+     * <p>
+     *             The reason for updating the configuration policy.
+     *         </p>
+     */
+    UpdatedReason?: string;
+    /**
+     * @public
+     * <p>
+     *             An object that defines how Security Hub is configured. It includes whether Security Hub is enabled or
+     *             disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls.
+     *             If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly
+     *             released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub
+     *             enables all other controls (including newly released controls).
+     *         </p>
+     *          <p>When updating a configuration policy, provide a complete list of standards that you want to enable and a complete list
+     *             of controls that you want to enable or disable. The updated configuration replaces the current configuration.</p>
+     */
+    ConfigurationPolicy?: Policy;
+}
+/**
+ * @public
+ */
+export interface UpdateConfigurationPolicyResponse {
+    /**
+     * @public
+     * <p>
+     *             The ARN of the configuration policy.
+     *         </p>
+     */
+    Arn?: string;
+    /**
+     * @public
+     * <p>
+     *             The UUID of the configuration policy.
+     *         </p>
+     */
+    Id?: string;
+    /**
+     * @public
+     * <p>
+     *             The name of the configuration policy.
+     *         </p>
+     */
+    Name?: string;
+    /**
+     * @public
+     * <p>
+     *             The description of the configuration policy.
+     *         </p>
+     */
+    Description?: string;
+    /**
+     * @public
+     * <p>
+     *             The date and time, in UTC and ISO 8601 format, that the configuration policy was last updated.
+     *         </p>
+     */
+    UpdatedAt?: Date;
+    /**
+     * @public
+     * <p>
+     *             The date and time, in UTC and ISO 8601 format, that the configuration policy was created.
+     *         </p>
+     */
+    CreatedAt?: Date;
+    /**
+     * @public
+     * <p>
+     *             An object that defines how Security Hub is configured. It includes whether Security Hub is enabled or
+     *             disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If the request included a
+     *             list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including
+     *             newly released controls). If the request included a list of security controls that are disabled in the configuration policy,
+     *             Security Hub enables all other controls (including newly released controls).
+     *         </p>
+     */
+    ConfigurationPolicy?: Policy;
+}
 /**
  * @public
  */
@@ -6048,26 +7985,72 @@ export interface UpdateInsightResponse {
 export interface UpdateOrganizationConfigurationRequest {
     /**
      * @public
-     * <p>Whether to automatically enable Security Hub for new accounts in the organization.</p>
-     *          <p>By default, this is <code>false</code>, and new accounts are not added
-     *          automatically.</p>
-     *          <p>To automatically enable Security Hub for new accounts, set this to <code>true</code>.</p>
+     * <p>Whether to automatically enable Security Hub in new member accounts when they join the organization.</p>
+     *          <p>If set to <code>true</code>, then Security Hub is automatically enabled in new accounts. If set to <code>false</code>,
+     *            then Security Hub isn't enabled in new accounts automatically. The default value is <code>false</code>.</p>
+     *          <p>If the <code>ConfigurationType</code> of your organization is set to <code>CENTRAL</code>, then this field is set
+     *            to <code>false</code> and can't be changed in the home Region and linked Regions. However, in that case, the delegated administrator can create a configuration
+     *             policy in which Security Hub is enabled and associate the policy with new organization accounts.</p>
      */
     AutoEnable: boolean | undefined;
     /**
      * @public
      * <p>Whether to automatically enable Security Hub <a href="https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-enable-disable.html">default standards</a>
-     *          for new member accounts in the organization.</p>
-     *          <p>By default, this parameter is equal to <code>DEFAULT</code>, and new member accounts are automatically enabled with default Security Hub standards.</p>
-     *          <p>To opt out of enabling default standards for new member accounts, set this parameter equal to <code>NONE</code>.</p>
+     *            in new member accounts when they join the organization.</p>
+     *          <p>The default value of this parameter is equal to <code>DEFAULT</code>.</p>
+     *          <p>If equal to <code>DEFAULT</code>, then Security Hub default standards are automatically enabled for new member
+     *            accounts. If equal to <code>NONE</code>, then default standards are not automatically enabled for new member
+     *            accounts.</p>
+     *          <p>If the <code>ConfigurationType</code> of your organization is set to <code>CENTRAL</code>, then this field is set
+     *            to <code>NONE</code> and can't be changed in the home Region and linked Regions. However, in that case, the delegated administrator can create a configuration
+     *             policy in which specific security standards are enabled and associate the policy with new organization accounts.</p>
      */
     AutoEnableStandards?: AutoEnableStandards;
+    /**
+     * @public
+     * <p>
+     *             Provides information about the way an organization is configured in Security Hub.
+     *         </p>
+     */
+    OrganizationConfiguration?: OrganizationConfiguration;
 }
 /**
  * @public
  */
 export interface UpdateOrganizationConfigurationResponse {
 }
+/**
+ * @public
+ */
+export interface UpdateSecurityControlRequest {
+    /**
+     * @public
+     * <p>
+     *             The Amazon Resource Name (ARN) or ID of the control to update.
+     *         </p>
+     */
+    SecurityControlId: string | undefined;
+    /**
+     * @public
+     * <p>
+     *             An object that specifies which security control parameters to update.
+     *         </p>
+     */
+    Parameters: Record<string, ParameterConfiguration> | undefined;
+    /**
+     * @public
+     * <p>
+     *             The most recent reason for updating the properties of the security control. This field accepts alphanumeric
+     * characters in addition to white spaces, dashes, and underscores.
+     *         </p>
+     */
+    LastUpdateReason?: string;
+}
+/**
+ * @public
+ */
+export interface UpdateSecurityControlResponse {
+}
 /**
  * @public
  */