AWS Security ChangesHomeSearch

AWS managedservices documentation change

Service: managedservices · 2025-05-28 · Documentation low

File: managedservices/latest/accelerate-guide/acc-sd.md

Summary

Updated responsibility matrix and security process documentation for incident response, containment strategies, logging/monitoring configurations, and forensic procedures

Security assessment

Changes refine security process documentation and role assignments (R/C/I codes) but don't address specific vulnerabilities. Updates focus on clarifying security responsibilities during incident response, containment strategies, and logging configurations without evidence of patching vulnerabilities.

Diff

diff --git a/managedservices/latest/accelerate-guide/acc-sd.md b/managedservices/latest/accelerate-guide/acc-sd.md
index a5d94dac1..c36d4fb72 100644
--- a//managedservices/latest/accelerate-guide/acc-sd.md
+++ b//managedservices/latest/accelerate-guide/acc-sd.md
@@ -316 +316 @@ Provide and update customer security contact details for AMS to use during secur
-Store and manage the supplied customer security contact details to use during security events and security escalations | CI | R  
+Store and manage the supplied customer security contact details to use during security events and security escalations | C | R  
@@ -319 +319 @@ Provide customer with documentation to support AMS during incident response proc
-Practice shared responsibility during incident response processes through security gamedays | RI | RC  
+Practice shared responsibility during incident response processes through security gamedays | R | R  
@@ -322,4 +322,4 @@ Configure supported security management AWS services for alerting, alerts correl
-Maintain asset (AWS resources) inventory, and know the asset value and criticality of assets. This information is helpful during incident containment strategy | R | CI  
-Employ AWS tags to identify resources and workloads | R | CI  
-Define and configure log retention and archival | CI | R  
-Secure baselining of AWS account, configurations, policies and access management | RC | I  
+Maintain a comprehensive inventory of AWS resources (Amazon EC2, Amazon S3 etc.), including details on the value and criticality of each asset to the business. This information will be instrumental in determining an effective containment strategy | R | C  
+Employ AWS tags to identify resources and workloads | R | C  
+Define and configure log retention and archival | I | R  
+Establish a secure baseline by defining and enforcing the organization's security policies and configurations for AWS accounts, services, and access management | R | I  
@@ -328 +328 @@ Secure baselining of AWS account, configurations, policies and access management
-Configure logging and monitoring to enable event management for instance and accounts | CI | R  
+Configure logging and monitoring to enable event management for instance and accounts | I | R  
@@ -333,2 +333,2 @@ Notify customer of detected events through outbound messaging | I | R
-Route notification and any subsequent updates to the decision makers for specific accounts and workloads to improve incident response time | R | CI  
-Define, deploy, and maintain AMS standard detection services (for example, Amazon GuardDuty and AWS Config) | CI | R  
+Coordinate internal stakeholder communications and leadership updates to improve response time | R | I  
+Define, deploy, and maintain AMS standard detection services (for example, Amazon GuardDuty and AWS Config) | C | R  
@@ -336,2 +336,2 @@ Record AWS infrastructure change logs | R | I
-Enable and configure logging, monitoring to enable event management for the application | RI | C  
-Implement and maintain an allow-list, deny-list, and custom detections on supported AWS security services (for example, Amazon GuardDuty) | RI | C  
+Enable and configure logging, monitoring to enable event management for the application | R | C  
+Implement and maintain an allow-list, deny-list, and custom detections on supported AWS security services (for example, Amazon GuardDuty) | R | R  
@@ -339,2 +339,2 @@ Implement and maintain an allow-list, deny-list, and custom detections on suppor
-Notify AMS of a suspicious activity or an active security investigation | R | CI  
-Notify detected security events and incidents to the customer | CI | R  
+Notify AMS of a suspicious activity or an active security investigation | R | I  
+Notify detected security events and incidents to the customer | I | R  
@@ -344,2 +344,2 @@ Notify planned event that might trigger Security Incident Response process | R |
-Perform initial response for supported security alert generated by a supported detection source | I | RC  
-Assess false/true positives using the available data | RI | RC  
+Perform initial response for supported security alert generated by a supported detection source | I | R  
+Assess false/true positives using the available data | R | R  
@@ -347 +347 @@ Generate a snapshot of affected instances to be shared with the customer if need
-Perform forensics tasks such as chain of custody, file system analysis, memory forensics, and binary analysis | R | CI  
+Perform forensics tasks such as chain of custody, file system analysis, memory forensics, and binary analysis | R | C  
@@ -349,3 +349,2 @@ Collect application logs to aid investigation | R | I
-Collect data and logs to aid investigation on security alerts | RCI | RC  
-Engage SMEs within AWS services on security investigations | CI | R  
-Engage third-party vendors during investigation (for example, for EPS anti-malware investigation and engaging with TrendMicro support team) | RCI | I  
+Collect data and logs to aid investigation on security alerts | R | R  
+Engage SMEs within AWS services on security investigations | C | R  
@@ -359,6 +358,6 @@ Engage customer security point of contact during a security incident investigati
-Decide on the execution of the agreed containment strategy and agree with the consequences that might affect the availability of services during the containment window | R | CI  
-Make a backup of affected systems for further analysis | CI | R  
-Contain applications and workloads (through application specific configuration or response activity) | R | CI  
-Define the containment strategy based on the security incident and the affected resource | CI | R  
-Enable encryption and secure storage of point in time backups of affected systems | RCI | C  
-Execute supported containment actions for AWS resources including EC2 instances, network, and IAM | CI | R  
+Assess risks and decide the containment strategy, acknowledging potential service impacts | R | C  
+Make a backup of affected systems for further analysis | I | R  
+Contain applications and workloads (through application specific configuration or response activity) | R | C  
+Define the containment strategy based on the security incident and the affected resource | I | R  
+Enable encryption and secure storage of point in time backups of affected systems | C | R  
+Execute supported containment actions for AWS resources including EC2 instances, network, and IAM | I | R  
@@ -367,5 +366,5 @@ Execute supported containment actions for AWS resources including EC2 instances,
-Define eradication options based on the security incident and the affected resource on customer application workloads | R | CI  
-Decide on the agreed eradication strategy, timing of eradication execution and the consequences | R | CI  
-Define eradication steps based on the security incident and the affected resource on AMS managed workloads | CI | R  
-Eradicate and harden AWS resources including EC2 instances, network, and IAM eradication | CI | R  
-Eradicate and harden applications and workloads (through application specific configuration or response activity) | R | I  
+Define eradication options based on the security incident and the affected resource on customer application workloads | C | R  
+Decide on the agreed eradication strategy, timing of eradication execution and the consequences | R | I  
+Define eradication steps based on the security incident and the affected resource on AMS managed workloads | C | R  
+Eradicate threats and harden AWS resources including EC2 instances, network, and IAM eradication | R | C  
+Eradicate threats and harden applications and workloads (through application specific configuration or response activity) | R | I  
@@ -374 +373 @@ Eradicate and harden applications and workloads (through application specific co
-Configure backup plans and targets as requested by the customer | R | I  
+Configure backup plans and targets as requested by the customer | I | R