AWS securityhub documentation change
Summary
Updated terminology and expanded explanation of security score calculation. Added details about regional aggregation and administrator account aggregation. Improved clarity around score generation timelines.
Security assessment
Changes clarify existing security scoring functionality but do not address vulnerabilities or security incidents. Enhancements to documentation about security features (score calculation, aggregation) qualify as adding security documentation.
Diff
diff --git a/securityhub/latest/userguide/securityhub-standards-view-controls.md b/securityhub/latest/userguide/securityhub-standards-view-controls.md index be8f096a8..4e3f3aa88 100644 --- a//securityhub/latest/userguide/securityhub-standards-view-controls.md +++ b//securityhub/latest/userguide/securityhub-standards-view-controls.md @@ -7 +7 @@ Understanding the standard security score -# Viewing details of a standard +# Reviewing details of an enabled standard @@ -11 +11 @@ On the AWS Security Hub console, the details page for a standard includes the fo - * The standard security score + * The security score for the standard. @@ -13 +13 @@ On the AWS Security Hub console, the details page for a standard includes the fo - * Visual summary of the control statuses for the controls that apply to the standard. + * A visual summary of the control statuses for the controls that apply to the standard. @@ -15 +15 @@ On the AWS Security Hub console, the details page for a standard includes the fo - * Visual summary of security checks for the controls that are enabled in the standard. If you integrate with AWS Organizations, controls that are enabled in at least one organization account are considered enabled. + * A visual summary of security checks for the controls that are enabled in the standard. If you integrate with AWS Organizations, controls that are enabled in at least one organization account are considered enabled. @@ -28 +28 @@ This section explains how to retrieve the details of a standard. - 2. In the Security Hub navigation pane, choose **Security standards**. + 2. In the navigation pane, choose **Security standards**. @@ -37 +37 @@ This section explains how to retrieve the details of a standard. -At the top of the standard details page is the security score for the standard. The score is the percentage of passed controls relative to the number of enabled controls (that have data) for the standard. +At the top of the standard details page is the security score for the standard. The score is the percentage of controls that passed evaluation, relative to the total number of controls that apply to the standard, are enabled, and have evaluation data. Next to the score is a chart that summarizes security checks for controls that are enabled in the standard. The chart shows the number of passed and failed security checks. For administrator accounts, the standard score and chart are aggregated across the administrator account and all member accounts. You can choose a specific severity level to review failed security checks for controls of the chosen severity level. @@ -39 +39 @@ At the top of the standard details page is the security score for the standard. -Security Hub typically calculates the initial security score within 30 minutes after your first visit to the **Summary** page or **Security standards** page on the Security Hub console. Scores are only generated for standards that are enabled when you visit those pages. To view a list of standards that are currently enabled, use the [`GetEnabledStandards`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetEnabledStandards.html) API operation. In addition, AWS Config resource recording must be configured for scores to appear. After first-time score generation, Security Hub updates the security score every 24 hours. Security Hub displays a timestamp to indicate when a security score was last updated. For more information about how scores are calculated, see [Calculating security scores](./standards-security-score.html). +When you enable a standard, Security Hub generates a preliminary security score for the standard, typically within 30 minutes of your first visit to the **Summary** page or the **Security standards** page on the Security Hub console. Scores are generated only for standards that are enabled when you visit those pages. In addition, AWS Config resource recording must be configured for the scores to appear. In the China Regions and AWS GovCloud (US) Regions, it can take up to 24 hours for Security Hub to generate a preliminary score. After Security Hub generates a preliminary score for a standard, it updates the score every 24 hours. For more information, see [Calculating security scores](./standards-security-score.html). @@ -41,9 +41 @@ Security Hub typically calculates the initial security score within 30 minutes a -###### Note - -It can take up to 24 hours for first-time security scores to be generated in the China Regions and AWS GovCloud (US) Region. - -Next to the score is a chart that summarizes security checks for controls that are enabled in the standard. The chart shows the number of passed and failed security checks. You can also choose a specific severity level to view the failed security checks for controls of the chosen severity level - -For administrator accounts, the standard score and chart are aggregated across the administrator account and all member accounts. - -All of the data on the **Security standards** details pages is specific to the current Region unless you have set an aggregation Region. If you have set an aggregation Region, the security scores apply across Regions and include findings in all linked Regions. The compliance status of controls on the standards details pages also reflect findings from linked Regions, and the number of security checks includes findings from linked Regions. +All the data on **Security standards** details pages is specific to the current Region unless you have set an aggregation Region. If you have set an aggregation Region, the security scores apply across Regions and include findings in all linked Regions. The compliance status of controls on standard details pages also reflect findings from linked Regions, and the number of security checks includes findings from linked Regions.