AWS securityhub documentation change
Summary
Updated documentation on security score calculation details, including AWS Config requirements, regional timing considerations, and consolidated controls impact. Improved clarity and formatting.
Security assessment
Changes clarify operational aspects of security scoring features but do not address specific vulnerabilities. The AWS Config requirement mention reinforces existing security documentation rather than introducing new security content.
Diff
diff --git a/securityhub/latest/userguide/standards-security-score.md b/securityhub/latest/userguide/standards-security-score.md index 2bd437368..ee361c14b 100644 --- a//securityhub/latest/userguide/standards-security-score.md +++ b//securityhub/latest/userguide/standards-security-score.md @@ -9 +9 @@ Method of calculating security scoresSecurity scores for administrator accountsS -The **Summary** page and **Controls** page of the Security Hub console display a summary security score across all of your enabled standards. On the **Security standards** page, Security Hub also displays a security score from 0–100 percent for each enabled standard. +On the AWS Security Hub console, the **Summary** page and the **Controls** page display a summary security score across all of your enabled standards. On the **Security standards** page, Security Hub also displays a security score from 0–100 percent for each enabled standard. @@ -11 +11 @@ The **Summary** page and **Controls** page of the Security Hub console display a -When you first enable Security Hub, Security Hub calculates the summary security score and standard security scores within 30 minutes after your first visit to the **Summary** page or **Security standards** page on the Security Hub console. Scores are only generated for standards that are enabled when you visit those pages. To view a list of standards that are currently enabled, invoke the [`GetEnabledStandards`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetEnabledStandards.html) API operation. In addition, AWS Config resource recording must be configured for scores to appear. The summary security score is the average of the standard security scores. +When you first enable Security Hub, Security Hub calculates the summary security score and standard security scores within 30 minutes of your first visit to the **Summary** or **Security standards** page on the console. Scores are generated only for standards that are enabled when you visit those pages on the console. In addition, AWS Config resource recording must be configured for the scores to appear. The summary security score is the average of the standard security scores. To review a list of standards that are currently enabled, you can use the [GetEnabledStandards](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetEnabledStandards.html) operation of the Security Hub API. @@ -13 +13 @@ When you first enable Security Hub, Security Hub calculates the summary security -After first-time score generation, Security Hub updates security scores every 24 hours. Security Hub displays a timestamp to indicate when a security score was last updated. +After first-time score generation, Security Hub updates security scores every 24 hours. Security Hub displays a timestamp to indicate when a security score was last updated. Note that it can take up to 24 hours for first-time security scores to be generated in the China Regions and AWS GovCloud (US) Regions. @@ -15,5 +15 @@ After first-time score generation, Security Hub updates security scores every 24 -###### Note - -It may take up to 24 hours for first-time security scores to be generated in the China Regions and AWS GovCloud (US) Region. - -If you turn on [consolidated control findings](./controls-findings-create-update.html#consolidated-control-findings), it may take up to 24 hours for your security scores to update. In addition, enabling a new aggregation Region or updating linked Regions resets existing security scores. It may take up to 24 hours for Security Hub to generate new security scores that include data from the updated Regions. +If you turn on [consolidated control findings](./controls-findings-create-update.html#consolidated-control-findings), it can take up to 24 hours for your security scores to update. In addition, enabling a new aggregation Region or updating linked Regions resets existing security scores. It can take up to 24 hours for Security Hub to generate new security scores that include data from the updated Regions. @@ -43 +39 @@ In this example, although the total number of enabled controls across enabled st -You may have a summary score that differs from the standard security score even if you've only enabled one standard in your account in the current Region. This may occur if you're signed in to an administrator account and member accounts have additional standards or different standards enabled. This may also occur if you're viewing the score from the aggregation Region and additional standards or different standards are enabled in linked Regions. +You might have a summary score that differs from the standard security score, even if you've enabled only one standard in your account in the current Region. This can occur if you're signed in to an administrator account and member accounts have additional standards or different standards enabled. This can also occur if you're viewing the score from the aggregation Region and additional standards or different standards are enabled in linked Regions.