AWS securityhub documentation change
Summary
Added documentation for 9 new security controls and noted RDS.46 rollback
Security assessment
Primarily documents new security controls (e.g., CloudTrail.10) which enhance encryption and monitoring. No evidence of addressing existing vulnerabilities, but adds security feature documentation.
Diff
diff --git a/securityhub/latest/userguide/doc-history.md b/securityhub/latest/userguide/doc-history.md index 7f5c10810..bb4407ba2 100644 --- a//securityhub/latest/userguide/doc-history.md +++ b//securityhub/latest/userguide/doc-history.md @@ -12,0 +13,7 @@ Change| Description| Date +Updates to security controls| Security Hub rolled back the release of the following control in all AWS Regions: _[RDS.46] RDS DB instances should not be deployed in public subnets with routes to internet gateways_. Previously, this control supported the AWS Foundational Security Best Practices v1.0.0 (FSBP) standard.| May 8, 2025 +New security controls| Security Hub released 9 new controls. Most of the controls support the [AWS Foundational Security Best Practices v1.0.0 (FSBP)](https://docs.aws.amazon.com/securityhub/latest/userguide/fsbp-standard.html) standard. Some of the controls support [NIST SP 800-53 Rev. 5](https://docs.aws.amazon.com/securityhub/latest/userguide/nist-standard.html) requirements. + + * For the AWS FSBP standard, IDs for the applicable controls are: [DocumentDB.6](https://docs.aws.amazon.com/securityhub/latest/userguide/documentdb-controls.html#documentdb-6), [RDS.44](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-44), [RedshiftServerless.2](https://docs.aws.amazon.com/securityhub/latest/userguide/redshiftserverless-controls.html#redshiftserverless-2), [RedshiftServerless.3](https://docs.aws.amazon.com/securityhub/latest/userguide/redshiftserverless-controls.html#redshiftserverless-3), [RedshiftServerless.5](https://docs.aws.amazon.com/securityhub/latest/userguide/redshiftserverless-controls.html#redshiftserverless-5), [RedshiftServerless.6](https://docs.aws.amazon.com/securityhub/latest/userguide/redshiftserverless-controls.html#redshiftserverless-6), and [RedshiftServerless.7](https://docs.aws.amazon.com/securityhub/latest/userguide/redshiftserverless-controls.html#redshiftserverless-7). + * For NIST SP 800-53 Rev. 5, IDs for the applicable controls are: [CloudTrail.10](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudtrail-controls.html#cloudtrail-10), [RedshiftServerless.4](https://docs.aws.amazon.com/securityhub/latest/userguide/redshiftserverless-controls.html#redshiftserverless-4), and [RedshiftServerless.7](https://docs.aws.amazon.com/securityhub/latest/userguide/redshiftserverless-controls.html#redshiftserverless-7). + +| May 7, 2025 @@ -15 +22 @@ New security controls| Security Hub released 24 new controls. Most of the contro - * For the AWS FSBP standard, IDs for the applicable controls are: [EC2.173](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-173), [RDS.41](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-41), [RDS.42](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-42), [RDS.46](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-46), and [SageMaker.8](https://docs.aws.amazon.com/securityhub/latest/userguide/sagemaker-controls.html#sagemaker-8). + * For the AWS FSBP standard, IDs for the applicable controls are: [EC2.173](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-173), [RDS.41](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-41), [RDS.42](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-42), and [SageMaker.8](https://docs.aws.amazon.com/securityhub/latest/userguide/sagemaker-controls.html#sagemaker-8).