diff --git a/README.md b/README.md
index 64f81c4..2b95a82 100644
--- a/README.md
+++ b/README.md
@@ -510,6 +510,7 @@ module "landing_zone" {
| [aws_securityhub_organization_admin_account.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/securityhub_organization_admin_account) | resource |
| [aws_securityhub_organization_configuration.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/securityhub_organization_configuration) | resource |
| [aws_securityhub_product_subscription.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/securityhub_product_subscription) | resource |
+| [aws_securityhub_standards_control.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/securityhub_standards_control) | resource |
| [aws_securityhub_standards_subscription.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/securityhub_standards_subscription) | resource |
| [aws_securityhub_standards_subscription.logging](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/securityhub_standards_subscription) | resource |
| [aws_securityhub_standards_subscription.management](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/securityhub_standards_subscription) | resource |
@@ -550,7 +551,7 @@ module "landing_zone" {
| [aws\_guardduty](#input\_aws\_guardduty) | AWS GuardDuty settings | object({
enabled = optional(bool, true)
finding_publishing_frequency = optional(string, "FIFTEEN_MINUTES")
ebs_malware_protection_status = optional(bool, true)
eks_addon_management_status = optional(bool, true)
eks_audit_logs_status = optional(bool, true)
eks_runtime_monitoring_status = optional(bool, true)
lambda_network_logs_status = optional(bool, true)
rds_login_events_status = optional(bool, true)
s3_data_events_status = optional(bool, true)
}) | {
"ebs_malware_protection_status": true,
"eks_addon_management_status": true,
"eks_audit_logs_status": true,
"eks_runtime_monitoring_status": true,
"enabled": true,
"finding_publishing_frequency": "FIFTEEN_MINUTES",
"lambda_network_logs_status": true,
"rds_login_events_status": true,
"s3_data_events_status": true
} | no |
| [aws\_inspector](#input\_aws\_inspector) | AWS Inspector settings, at least one of the scan options must be enabled | object({
enabled = optional(bool, false)
enable_scan_ec2 = optional(bool, true)
enable_scan_ecr = optional(bool, true)
enable_scan_lambda = optional(bool, true)
enable_scan_lambda_code = optional(bool, true)
}) | {
"enable_scan_ec2": true,
"enable_scan_ecr": true,
"enable_scan_lambda": true,
"enable_scan_lambda_code": true,
"enabled": false
} | no |
| [aws\_required\_tags](#input\_aws\_required\_tags) | AWS Required tags settings | map(list(object({
name = string
values = optional(list(string))
enforced_for = optional(list(string))
}))) | `null` | no |
-| [aws\_security\_hub](#input\_aws\_security\_hub) | AWS Security Hub settings | object({
enabled = optional(bool, true)
auto_enable_controls = optional(bool, true)
auto_enable_default_standards = optional(bool, false)
control_finding_generator = optional(string, "SECURITY_CONTROL")
create_cis_metric_filters = optional(bool, true)
product_arns = optional(list(string), [])
standards_arns = optional(list(string), null)
}) | {
"auto_enable_controls": true,
"auto_enable_default_standards": false,
"control_finding_generator": "SECURITY_CONTROL",
"create_cis_metric_filters": true,
"enabled": true,
"product_arns": [],
"standards_arns": null
} | no |
+| [aws\_security\_hub](#input\_aws\_security\_hub) | AWS Security Hub settings | object({
enabled = optional(bool, true)
auto_enable_controls = optional(bool, true)
auto_enable_default_standards = optional(bool, false)
control_finding_generator = optional(string, "SECURITY_CONTROL")
create_cis_metric_filters = optional(bool, true)
product_arns = optional(list(string), [])
standards_arns = optional(list(string), null)
disabled_standards_arns = optional(list(object({
standards_control_arn = string
disabled_reason = string
})), null)
}) | {
"auto_enable_controls": true,
"auto_enable_default_standards": false,
"control_finding_generator": "SECURITY_CONTROL",
"create_cis_metric_filters": true,
"disabled_standards_arns": null,
"enabled": true,
"product_arns": [],
"standards_arns": null
} | no |
| [aws\_security\_hub\_sns\_subscription](#input\_aws\_security\_hub\_sns\_subscription) | Subscription options for the LandingZone-SecurityHubFindings SNS topic | map(object({
endpoint = string
protocol = string
})) | `{}` | no |
| [aws\_service\_control\_policies](#input\_aws\_service\_control\_policies) | AWS SCP's parameters to disable required/denied policies, set a list of allowed AWS regions, and set principals that are exempt from the restriction | object({
allowed_regions = optional(list(string), [])
aws_deny_disabling_security_hub = optional(bool, true)
aws_deny_leaving_org = optional(bool, true)
aws_deny_root_user_ous = optional(list(string), [])
aws_require_imdsv2 = optional(bool, true)
principal_exceptions = optional(list(string), [])
}) | `{}` | no |
| [aws\_sso\_permission\_sets](#input\_aws\_sso\_permission\_sets) | Map of AWS IAM Identity Center permission sets with AWS accounts and group names that should be granted access to each account | map(object({
assignments = list(map(list(string)))
inline_policy = optional(string, null)
managed_policy_arns = optional(list(string), [])
session_duration = optional(string, "PT4H")
})) | `{}` | no |