AWS Security ChangesHomeSearch

AWS securityhub documentation change

Service: securityhub · 2025-02-27 · Documentation low

File: securityhub/latest/userguide/fsbp-standard.md

Summary

Added multiple new controls including Connect logging, ELB security policies, GuardDuty monitoring, Network Firewall protection, RDS logging, SQS access policies, and Transfer Family logging

Security assessment

The changes add documentation for various security-related controls and best practices, but there is no evidence they are addressing specific security vulnerabilities or incidents.

Diff

diff --git a/securityhub/latest/userguide/fsbp-standard.md
index 5453ccac8..2ee315633 100644
--- a/securityhub/latest/userguide/fsbp-standard.md
+++ b/securityhub/latest/userguide/fsbp-standard.md
@@ -102,0 +103,2 @@ The controls include security best practices for resources from multiple AWS ser
+[[Connect.2] Amazon Connect instances should have CloudWatch logging enabled](./connect-controls.html#connect-2)
+
@@ -292,0 +295,2 @@ The controls include security best practices for resources from multiple AWS ser
+[[ELB.17] Application and Network Load Balancers with listeners should use recommended security policies](./elb-controls.html#elb-17)
+
@@ -324,0 +329,2 @@ The controls include security best practices for resources from multiple AWS ser
+[[Glue.4] AWS Glue Spark jobs should run on supported versions of AWS Glue](./glue-controls.html#glue-4)
+
@@ -338,0 +345,6 @@ The controls include security best practices for resources from multiple AWS ser
+[[GuardDuty.11] GuardDuty Runtime Monitoring should be enabled](./guardduty-controls.html#guardduty-11)
+
+[[GuardDuty.12] GuardDuty ECS Runtime Monitoring should be enabled](./guardduty-controls.html#guardduty-12)
+
+[[GuardDuty.13] GuardDuty EC2 Runtime Monitoring should be enabled](./guardduty-controls.html#guardduty-13)
+
@@ -422,0 +435,2 @@ The controls include security best practices for resources from multiple AWS ser
+[[NetworkFirewall.10] Network Firewall firewalls should have subnet change protection enabled](./networkfirewall-controls.html#networkfirewall-10)
+
@@ -504,0 +519,2 @@ The controls include security best practices for resources from multiple AWS ser
+[[RDS.40] RDS for SQL Server DB instances should publish logs to CloudWatch Logs](./rds-controls.html#rds-40)
+
@@ -570,0 +587,2 @@ The controls include security best practices for resources from multiple AWS ser
+[[SQS.3] SQS queue access policies should not allow public access](./sqs-controls.html#sqs-3)
+
@@ -582,0 +601,2 @@ The controls include security best practices for resources from multiple AWS ser
+[[Transfer.3] Transfer Family connectors should have logging enabled](./transfer-controls.html#transfer-3)
+