AWS securityhub medium security documentation change
Summary
Added support for two new TLS security policy parameters (ELBSecurityPolicy-TLS13-1-2-Res-2021-06 and ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04) to the ELB.17 control checking load balancer encryption configurations
Security assessment
The change documents new TLS security policies that enforce encryption in transit best practices. While not explicitly mentioning a vulnerability, TLS policy updates typically address cryptographic weaknesses and compliance requirements.
Diff
diff --git a/securityhub/latest/userguide/controls-change-log.md b/securityhub/latest/userguide/controls-change-log.md index e92364995..96b8680e4 100644 --- a//securityhub/latest/userguide/controls-change-log.md +++ b//securityhub/latest/userguide/controls-change-log.md @@ -12,0 +13 @@ Date of change | Control ID and title | Description of change +April 7, 2025 | [[ELB.17] Application and Network Load Balancers with listeners should use recommended security policies](./elb-controls.html#elb-17) | This control checks whether the HTTPS listener for an Application Load Balancer or the TLS listener for a Network Load Balancer is configured to encrypt data in transit by using a recommended security policy. Security Hub now supports two additional parameter values for this control: `ELBSecurityPolicy-TLS13-1-2-Res-2021-06` and `ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04`.