AWS managedservices high security documentation change
Summary
Added security group sharing controls between VPCs/accounts
Security assessment
New controls (27.0-27.2) explicitly govern security group sharing permissions based on compliance status. This directly addresses security risks from improper network access controls and introduces governance for cross-account/resource access management.
Diff
diff --git a/managedservices/latest/accelerate-guide/acc-sec-stand-controls.md b/managedservices/latest/accelerate-guide/acc-sec-stand-controls.md index 7efd5adde..6e6a3d64d 100644 --- a//managedservices/latest/accelerate-guide/acc-sec-stand-controls.md +++ b//managedservices/latest/accelerate-guide/acc-sec-stand-controls.md @@ -88,0 +89,3 @@ ID | Technical standard +**27.0** | **Security group sharing** +27.1 | If a security group meets this security standard, then it can be shared between VPCs in the same account and between accounts in the same organization. +27.2 | If a security group does not meet this standard and a risk acceptance was previously required for this security group, then the use of the security group sharing feature between VPCs in the same account, or between accounts in the same organization, is not permitted without risk acceptance for that new that VPC or account.