STANDARD='arn:aws:securityhub:::ruleset/nist-800-53/v/5.0.0'

# The JSON must directly follow --standards-control-association-updates,
# so --profile is given before that option rather than between the two.
aws securityhub batch-update-standards-control-associations \
  --profile OrgDeployRole \
  --standards-control-association-updates \
  '[
    {
      "SecurityControlId": "IAM.9",
      "StandardsArn": "'"${STANDARD}"'",
      "AssociationStatus": "DISABLED",
      "UpdatedReason": "Not applicable to environment"
    }
  ]'
"StandardsArn": "'"${STANDARD}"'"
JSON keys and values need to be quoted, so that's the outside double quotes. STANDARD cannot be expanded by the aws command, so it is single quoted; but lastly, as Bash sees it, it is double quoted so Bash can expand the variable "${STANDARD}" to the value it represents.
I think... Not 100% sure on the single quotes usage.
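The quoting above, as an added example that is not part of the original post: the first single quote ends the literal JSON text, "${STANDARD}" is a double-quoted expansion, and the next single quote starts literal text again, so the shell joins the three touching pieces into one argument. The function names and the SPACED value are made up for illustration.

```shell
#!/bin/sh
# STANDARD is the value from the page; SPACED is a constructed value with a space.
STANDARD='arn:aws:securityhub:::ruleset/nist-800-53/v/5.0.0'
SPACED='two words'

# Page's pattern: single-quoted text, double-quoted expansion, single-quoted text.
# The three pieces touch, so the shell joins them into ONE word.
spliced() {
  printf '%s' '{"StandardsArn": "'"${STANDARD}"'"}'
}

# Everything inside one pair of single quotes: no expansion happens at all,
# so the literal text ${STANDARD} would be sent to the API.
all_single() {
  printf '%s' '{"StandardsArn": "${STANDARD}"}'
}

# Equivalent form: one double-quoted string with the JSON quotes escaped.
all_double() {
  printf '%s' "{\"StandardsArn\": \"${STANDARD}\"}"
}

# Helper: report how many arguments a command would receive.
count_args() { printf '%s' "$#"; }

# With the inner double quotes, a value containing a space stays one argument.
quoted_count() { count_args '{"k": "'"${SPACED}"'"}'; }

# Without them the expansion is word-split and the JSON arrives in two pieces.
unquoted_count() { count_args '{"k": "'${SPACED}'"}'; }

printf 'spliced:    %s\n' "$(spliced)"
printf 'all_single: %s\n' "$(all_single)"
printf 'all_double: %s\n' "$(all_double)"
printf 'args with inner quotes: %s, without: %s\n' \
  "$(quoted_count)" "$(unquoted_count)"
```

None of these forms escape the variable's contents, so a value containing a double quote or backslash would still produce invalid JSON.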