AWS Security ChangesHomeSearch

AWS securityhub documentation change

Service: securityhub · 2025-05-10 · Documentation low

File: securityhub/latest/userguide/nist-standard.md

Summary

Added CloudTrail.10 and Redshift Serverless controls related to KMS encryption and default database names

Security assessment

Documents new NIST-aligned controls for encryption management and default configuration hardening. These represent proactive security guidance rather than fixes for existing vulnerabilities.

Diff

diff --git a/securityhub/latest/userguide/nist-standard.md b/securityhub/latest/userguide/nist-standard.md
index 996242b33..b91c91075 100644
--- a//securityhub/latest/userguide/nist-standard.md
+++ b//securityhub/latest/userguide/nist-standard.md
@@ -84,0 +85,2 @@ For more information about NIST SP 800-53 Rev. 5, see the [NIST Computer Securit
+[[CloudTrail.10] CloudTrail Lake event data stores should be encrypted with customer managed AWS KMS keys](./cloudtrail-controls.html#cloudtrail-10)
+
@@ -516,0 +519,4 @@ For more information about NIST SP 800-53 Rev. 5, see the [NIST Computer Securit
+[[RedshiftServerless.4] Redshift Serverless namespaces should be encrypted with customer managed AWS KMS keys](./redshiftserverless-controls.html#redshiftserverless-4)
+
+[[RedshiftServerless.7] Redshift Serverless namespaces should not use the default database name](./redshiftserverless-controls.html#redshiftserverless-7)
+