AWS Security ChangesHomeSearch

AWS securityhub documentation change

Service: securityhub · 2025-04-16 · Documentation medium

File: securityhub/latest/userguide/nist-standard.md

Summary

Added new controls ECS.17 (host network mode) and RDS.42 (CloudWatch logging), and fixed punctuation in a link

Security assessment

Introduces new security controls for ECS and RDS as part of NIST compliance documentation. While these address security best practices, there is no evidence of a specific patched vulnerability.

Diff

diff --git a/securityhub/latest/userguide/nist-standard.md b/securityhub/latest/userguide/nist-standard.md
index 6bb23fa61..76bac7f54 100644
--- a//securityhub/latest/userguide/nist-standard.md
+++ b//securityhub/latest/userguide/nist-standard.md
@@ -205 +205 @@ For more information about NIST SP 800-53 Rev. 5, see the [NIST Computer Securit
-[[ECS.1] Amazon ECS task definitions should have secure networking modes and user definitions.](./ecs-controls.html#ecs-1)
+[[ECS.1] Amazon ECS task definitions should have secure networking modes and user definitions](./ecs-controls.html#ecs-1)
@@ -222,0 +223,2 @@ For more information about NIST SP 800-53 Rev. 5, see the [NIST Computer Securit
+[[ECS.17] ECS task definitions should not use host network mode](./ecs-controls.html#ecs-17)
+
@@ -494,0 +497,2 @@ For more information about NIST SP 800-53 Rev. 5, see the [NIST Computer Securit
+[[RDS.42] RDS for MariaDB DB instances should publish logs to CloudWatch Logs](./rds-controls.html#rds-42)
+