AWS securityhub documentation change
Summary
Updated documentation about security standards with improved clarity, added details about security score calculation, and reorganized control status information
Security assessment
Changes focus on clarifying existing security standard functionality and documentation structure without addressing vulnerabilities. Enhanced explanations about security controls and scoring mechanisms constitute security documentation improvements.
Diff
diff --git a/securityhub/latest/userguide/standards-view-manage.md b/securityhub/latest/userguide/standards-view-manage.md index e7e78e6e3..db63284b4 100644 --- a//securityhub/latest/userguide/standards-view-manage.md +++ b//securityhub/latest/userguide/standards-view-manage.md @@ -7 +7 @@ -In AWS Security Hub, a security standard is a set of requirements based on regulatory frameworks, industry best practices, or company policies. +In AWS Security Hub, a _security standard_ is a set of requirements that's based on regulatory frameworks, industry best practices, or company policies. For details about the standards that Security Hub currently supports, including the security controls that apply to each one, see the [Security Hub standards reference](./standards-reference.html). @@ -9 +9 @@ In AWS Security Hub, a security standard is a set of requirements based on regul -For a list of available standards in Security Hub and the controls that apply to them, see [Security Hub standards reference](./standards-reference.html). The **Security standards** page on the Security Hub console also shows all of the supported security standards in Security Hub and the following information: +On the Security Hub console, the **Security standards** page also shows all the security standards that Security Hub currently supports. For each standard, the page provides access to the following information: @@ -11 +11 @@ For a list of available standards in Security Hub and the controls that apply to - * A description of each supported standard + * A description of the standard. @@ -13 +13 @@ For a list of available standards in Security Hub and the controls that apply to - * The enablement status of the standard + * The current status of the standard. @@ -15 +15 @@ For a list of available standards in Security Hub and the controls that apply to - * A list of controls that are currently enabled in the standard and the overall status of those controls based on the compliance status of their findings + * The current security score for the standard. @@ -17 +17 @@ For a list of available standards in Security Hub and the controls that apply to - * A list of controls that apply to the standard, but are currently disabled + * A list of controls that apply to the standard and are currently enabled, and the overall status of the controls based on the compliance status of their findings. @@ -19 +19 @@ For a list of available standards in Security Hub and the controls that apply to - * A security score for the standard + * A list of controls that apply to the standard but are currently disabled. @@ -24 +24 @@ For a list of available standards in Security Hub and the controls that apply to -When you enable a standard, Security Hub automatically enables all of the controls that apply to the standard. You can disable and re-enable controls as necessary. Security Hub runs security checks on the enabled controls. The security checks result in Security Hub findings. When you disable a standard, Security Hub stops running security checks on controls that are part of that standard. Findings are no longer generated. +When you enable a standard, Security Hub automatically enables all the controls that apply to the standard. Security Hub then runs security checks on the enabled controls, which generates Security Hub findings. You can disable and later re-enable individual controls as necessary. You can also disable a standard completely. If you disable a standard, Security Hub stops running security checks on controls that apply to the standard. Findings are no longer generated for the controls. @@ -26 +26 @@ When you enable a standard, Security Hub automatically enables all of the contro -You can enable standards individually for a single account and AWS Region. However, to save time and reduce configuration drift in multi-account or multi-Region environments, we recommend using [central configuration](./central-configuration-intro.html) to enable standards. With central configuration, the delegated Security Hub administrator can create policies that specify how a standard should be configured across multiple accounts and Regions. For more information about enabling a standard, see [Enabling a security standard in Security Hub](./enable-standards.html). +You can enable standards individually for a single account and AWS Region. However, to save time and reduce configuration drift in multi-account or multi-Region environments, we recommend using [central configuration](./central-configuration-intro.html) to enable standards. With central configuration, the delegated Security Hub administrator can create policies that specify how a standard should be configured across multiple accounts and Regions. For more information, see [Enabling a security standard in Security Hub](./enable-standards.html). @@ -28 +28 @@ You can enable standards individually for a single account and AWS Region. Howev -Security Hub generates a security score for each standard based on the status of controls that apply to the standard. If you sign in to an administrator account, security scores reflect control statuses across all member accounts. If you have set an aggregation Region, security scores reflect control statuses across all linked Regions. For more information, see [Method of calculating security scores](./standards-security-score.html#standard-security-score-calculation). +Security Hub generates a security score for each standard based on the status of controls that apply to the standard. If you're the Security Hub administrator for an organization, the security score for a standard reflects control statuses for all member accounts. If you set an aggregation Region, a security score reflects control statuses across all linked Regions. For more information, see [Calculating security scores](./standards-security-score.html).