AWS Security ChangesHomeSearch

AWS securityhub medium security documentation change

Service: securityhub · 2025-04-11 · Security-related medium

File: securityhub/latest/userguide/controls-change-log.md

Summary

Added support for two new TLS security policy parameters (ELBSecurityPolicy-TLS13-1-2-Res-2021-06 and ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04) to the ELB.17 control checking load balancer encryption configurations

Security assessment

The change documents new TLS security policies that enforce encryption in transit best practices. While not explicitly mentioning a vulnerability, TLS policy updates typically address cryptographic weaknesses and compliance requirements.

Diff

diff --git a/securityhub/latest/userguide/controls-change-log.md b/securityhub/latest/userguide/controls-change-log.md
index e92364995..96b8680e4 100644
--- a//securityhub/latest/userguide/controls-change-log.md
+++ b//securityhub/latest/userguide/controls-change-log.md
@@ -12,0 +13 @@ Date of change | Control ID and title | Description of change
+April 7, 2025 | [[ELB.17] Application and Network Load Balancers with listeners should use recommended security policies](./elb-controls.html#elb-17) | This control checks whether the HTTPS listener for an Application Load Balancer or the TLS listener for a Network Load Balancer is configured to encrypt data in transit by using a recommended security policy. Security Hub now supports two additional parameter values for this control: `ELBSecurityPolicy-TLS13-1-2-Res-2021-06` and `ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04`.