Controls are showing as UNKNOWN compliance status in AUTOMATE+?
When you first deploy AUTOMATE+ to your AWS account, if this is the first time that you have run AWS Security Hub then it will take between 18 to 24 hours for Security Hub to generate findings.
Where Security Hub has not yet generated findings, a "No Data" message will appear in the Security Hub control page. In these situations, AUTOMATE+ will display an UNKNOWN compliance status.
There are a number of other reasons that a control may be displaying an UNKNOWN compliance status:
Controls can be available only in certain AWS Regions. If the a control is not in your chosen AUTOMATE+ deployment region then these controls will display an UNKNOWN compliance status.
Some controls are dependent on other controls in order to generate an AWS Security Hub Finding. In these instances, Security Hub will display a No Data message and in turn an UNKNOWN compliance status.
Controls showing UNKNOWN status are excluded AUTOMATE+ compliance attainment percentage on the dashboard and other related calculations.