AWS Security ChangesHomeSearch

AWS securityhub documentation change

Service: securityhub · 2025-05-31 · Documentation low

File: securityhub/latest/userguide/asff-changes-consolidation.md

Summary

Updated documentation links and standardized control titles across CIS and PCI DSS standards. Changes include clarifying 'AWS Support' references and correcting control title wording consistency.

Security assessment

The changes improve clarity and consistency in security control documentation but do not address any specific security vulnerabilities. Updates include standardized references to AWS Support and corrected control titles (e.g., 'AWS Configurations' to 'configurations'), which enhance documentation accuracy but do not indicate remediation of security flaws.

Diff

diff --git a/securityhub/latest/userguide/asff-changes-consolidation.md b/securityhub/latest/userguide/asff-changes-consolidation.md
index bddec259e..bae47cf2f 100644
--- a//securityhub/latest/userguide/asff-changes-consolidation.md
+++ b//securityhub/latest/userguide/asff-changes-consolidation.md
@@ -568 +568 @@ Consolidated controls view and consolidated control findings standardize control
-The Security Hub console displays standard-agnostic security control IDs and security control titles, regardless of whether consolidated control findings is turned on or off in your account. However, Security Hub findings contain standard-specific control titles (for PCI and CIS v1.2.0) if consolidated control findings is turned off in your account. In addition, Security Hub findings contain the standard-specific control ID and the security control ID. For more information about how consolidation impacts control findings, see [Sample control findings in Security Hub](./sample-control-findings.html).
+The Security Hub console displays standard-agnostic security control IDs and security control titles, regardless of whether consolidated control findings is turned on or off in your account. However, Security Hub findings contain standard-specific control titles (for PCI and CIS v1.2.0) if consolidated control findings is turned off in your account. In addition, Security Hub findings contain the standard-specific control ID and the security control ID. For more information about how consolidation impacts control findings, see [Samples of control findings in Security Hub](./sample-control-findings.html).
@@ -586 +586 @@ CIS v1.2.0 |  1.2 Ensure multi-factor authentication (MFA) is enabled for all IA
-CIS v1.2.0 |  1.20 Ensure a support role has been created to manage incidents with Support |  [[IAM.18] Ensure a support role has been created to manage incidents with Support](./iam-controls.html#iam-18)  
+CIS v1.2.0 |  1.20 Ensure a support role has been created to manage incidents with Support |  [[IAM.18] Ensure a support role has been created to manage incidents with AWS Support](./iam-controls.html#iam-18)  
@@ -613 +613 @@ CIS v1.2.0 |  3.4 Ensure a log metric filter and alarm exist for IAM policy chan
-CIS v1.2.0 |  3.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes |  [[CloudWatch.5] Ensure a log metric filter and alarm exist for CloudTrail AWS Configuration changes](./cloudwatch-controls.html#cloudwatch-5)  
+CIS v1.2.0 |  3.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes |  [[CloudWatch.5] Ensure a log metric filter and alarm exist for CloudTrail configuration changes](./cloudwatch-controls.html#cloudwatch-5)  
@@ -624 +624 @@ CIS v1.4.0 |  1.16 Ensure IAM policies that allow full "*:*" administrative priv
-CIS v1.4.0 |  1.17 Ensure a support role has been created to manage incidents with Support |  [[IAM.18] Ensure a support role has been created to manage incidents with Support](./iam-controls.html#iam-18)  
+CIS v1.4.0 |  1.17 Ensure a support role has been created to manage incidents with Support |  [[IAM.18] Ensure a support role has been created to manage incidents with AWS Support](./iam-controls.html#iam-18)  
@@ -645 +645 @@ CIS v1.4.0 |  4.4 Ensure a log metric filter and alarm exist for IAM policy chan
-CIS v1.4.0 |  4.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes |  [[CloudWatch.5] Ensure a log metric filter and alarm exist for CloudTrail AWS Configuration changes](./cloudwatch-controls.html#cloudwatch-5)  
+CIS v1.4.0 |  4.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes |  [[CloudWatch.5] Ensure a log metric filter and alarm exist for CloudTrail configuration changes](./cloudwatch-controls.html#cloudwatch-5)  
@@ -683 +683 @@ PCI DSS v3.2.1 |  PCI.IAM.7 IAM user credentials should be disabled if not used
-PCI DSS v3.2.1 |  PCI.IAM.8 Password policies for IAM users should have strong configurations |  [[IAM.10] Password policies for IAM users should have strong AWS Configurations](./iam-controls.html#iam-10)  
+PCI DSS v3.2.1 |  PCI.IAM.8 Password policies for IAM users should have strong configurations |  [[IAM.10] Password policies for IAM users should have strong configurations](./iam-controls.html#iam-10)