AWS Security ChangesHomeSearch

AWS securityhub documentation change

Service: securityhub · 2025-05-31 · Documentation low

File: securityhub/latest/userguide/apigateway-controls.md

Summary

Updated title, formatting changes, added NIST.800-171.r2 3.13.15 compliance reference, and standardized AWS Config rule link formatting

Security assessment

Expanded compliance framework references and improved documentation consistency. The change enhances security control documentation but does not indicate remediation of a security vulnerability.

Diff

diff --git a/securityhub/latest/userguide/apigateway-controls.md b/securityhub/latest/userguide/apigateway-controls.md
index 27a1632c0..56d122dff 100644
--- a//securityhub/latest/userguide/apigateway-controls.md
+++ b//securityhub/latest/userguide/apigateway-controls.md
@@ -7 +7 @@
-# Security Hub controls for API Gateway
+# Security Hub controls for Amazon API Gateway
@@ -9,3 +9 @@
-These Security Hub controls evaluate the Amazon API Gateway service and resources.
-
-These controls may not be available in all AWS Regions. For more information, see [Availability of controls by Region](./securityhub-regions.html#securityhub-regions-control-support).
+These AWS Security Hub controls evaluate the Amazon API Gateway service and resources. The controls might not be available in all AWS Regions. For more information, see [Availability of controls by Region](./securityhub-regions.html#securityhub-regions-control-support).
@@ -23 +21 @@ These controls may not be available in all AWS Regions. For more information, se
-**AWS Config rule:** [`api-gw-execution-logging-enabled`](https://docs.aws.amazon.com/config/latest/developerguide/api-gw-execution-logging-enabled.html)
+**AWS Config rule:** [api-gw-execution-logging-enabled](https://docs.aws.amazon.com/config/latest/developerguide/api-gw-execution-logging-enabled.html)
@@ -43 +41 @@ To enable logging for REST and WebSocket API operations, see [Set up CloudWatch
-**Related requirements:** NIST.800-53.r5 AC-17(2), NIST.800-53.r5 AC-4, NIST.800-53.r5 IA-5(1), NIST.800-53.r5 SC-12(3), NIST.800-53.r5 SC-13, NIST.800-53.r5 SC-23, NIST.800-53.r5 SC-23(3), NIST.800-53.r5 SC-7(4), NIST.800-53.r5 SC-8, NIST.800-53.r5 SC-8(1), NIST.800-53.r5 SC-8(2), NIST.800-53.r5 SI-7(6)
+**Related requirements:** NIST.800-53.r5 AC-17(2), NIST.800-53.r5 AC-4, NIST.800-53.r5 IA-5(1), NIST.800-53.r5 SC-12(3), NIST.800-53.r5 SC-13, NIST.800-53.r5 SC-23, NIST.800-53.r5 SC-23(3), NIST.800-53.r5 SC-7(4), NIST.800-53.r5 SC-8, NIST.800-53.r5 SC-8(1), NIST.800-53.r5 SC-8(2), NIST.800-53.r5 SI-7(6), NIST.800-171.r2 3.13.15
@@ -51 +49 @@ To enable logging for REST and WebSocket API operations, see [Set up CloudWatch
-**AWS Config rule:** [`api-gw-ssl-enabled`](https://docs.aws.amazon.com/config/latest/developerguide/api-gw-ssl-enabled.html)
+**AWS Config rule:** [api-gw-ssl-enabled](https://docs.aws.amazon.com/config/latest/developerguide/api-gw-ssl-enabled.html)
@@ -75 +73 @@ For detailed instructions on how to generate and configure API Gateway REST API
-**AWS Config rule:** [`api-gw-xray-enabled`](https://docs.aws.amazon.com/config/latest/developerguide/api-gw-xray-enabled.html)
+**AWS Config rule:** [api-gw-xray-enabled](https://docs.aws.amazon.com/config/latest/developerguide/api-gw-xray-enabled.html)
@@ -99 +97 @@ For detailed instructions on how to enable X-Ray active tracing for API Gateway
-**AWS Config rule:** [`api-gw-associated-with-waf`](https://docs.aws.amazon.com/config/latest/developerguide/api-gw-associated-with-waf.html)
+**AWS Config rule:** [api-gw-associated-with-waf](https://docs.aws.amazon.com/config/latest/developerguide/api-gw-associated-with-waf.html)
@@ -149 +147 @@ To configure API caching for a stage, see [Enable Amazon API Gateway caching](ht
-AWS Config rule: [`api-gwv2-authorization-type-configured`](https://docs.aws.amazon.com/config/latest/developerguide/api-gwv2-authorization-type-configured.html)
+**AWS Config rule:** [api-gwv2-authorization-type-configured](https://docs.aws.amazon.com/config/latest/developerguide/api-gwv2-authorization-type-configured.html)
@@ -177 +175 @@ To set an authorization type for HTTP APIs, see [Controlling and managing access
-AWS Config rule: [`api-gwv2-access-logs-enabled`](https://docs.aws.amazon.com/config/latest/developerguide/api-gwv2-access-logs-enabled.html)
+**AWS Config rule:** [api-gwv2-access-logs-enabled](https://docs.aws.amazon.com/config/latest/developerguide/api-gwv2-access-logs-enabled.html)