AWS securityhub documentation change
Summary
Updated PCI DSS standard documentation with wording improvements, control list clarifications, and corrected references to NIST standards and AWS service names.
Security assessment
The changes primarily improve clarity and accuracy of existing PCI DSS compliance documentation. While PCI DSS is a security standard, there is no evidence these changes address specific vulnerabilities or security incidents. Updates include typo fixes ('AWS Configurations' to 'configurations'), improved section headers, and corrected NIST reference from SP 800-53 to 800-171. These are documentation improvements rather than security fixes.
Diff
diff --git a/securityhub/latest/userguide/pci-standard.md b/securityhub/latest/userguide/pci-standard.md index c35108515..1fbd89b23 100644 --- a//securityhub/latest/userguide/pci-standard.md +++ b//securityhub/latest/userguide/pci-standard.md @@ -11 +11 @@ The Payment Card Industry Data Security Standard (PCI DSS) is a third-party comp -AWS Security Hub has a PCI DSS standard to help you stay compliant with this third-party framework. You can use this standard to discover security vulnerabilities in AWS resources that handle cardholder data. We recommend enabling this standard in AWS accounts that have resources that store, process, or transmit cardholder data or sensitive authentication data. Assessments by the PCI SSC validated this standard. +AWS Security Hub provides a PCI DSS standard that can help you stay compliant with this third-party framework. You can use this standard to discover security vulnerabilities in AWS resources that handle cardholder data. We recommend enabling this standard in AWS accounts that have resources that store, process, or transmit cardholder data or sensitive authentication data. Assessments by the PCI SSC validated this standard. @@ -13 +13 @@ AWS Security Hub has a PCI DSS standard to help you stay compliant with this thi -Security Hub offers support for both PCI DSS v3.2.1 and PCI DSS v4.0.1. We recommend using v4.0.1 to stay current on security best practices. You can have both versions of the standard enabled at the same time. For instructions on enabling standards, see [Enabling a security standard in Security Hub](./enable-standards.html). If you currently use v3.2.1 but want to use only v4.0.1, enable the newer version before disabling the older version. This prevents gaps in your security checks. If you use the Security Hub integration with AWS Organizations and want to batch enable v4.0.1 in multiple accounts, we recommend using [central configuration](./central-configuration-intro.html) to do so. +Security Hub offers support for both PCI DSS v3.2.1 and PCI DSS v4.0.1. We recommend using v4.0.1 to stay current with security best practices. You can have both versions of the standard enabled at the same time. For information about enabling standards, see [Enabling a security standard in Security Hub](./enable-standards.html). If you currently use v3.2.1 but want to use only v4.0.1, enable the newer version before disabling the older version. This prevents gaps in your security checks. If you use the Security Hub integration with AWS Organizations and want to batch enable v4.0.1 in multiple accounts, we recommend using [central configuration](./central-configuration-intro.html) to do so. @@ -15 +15 @@ Security Hub offers support for both PCI DSS v3.2.1 and PCI DSS v4.0.1. We recom -The following sections show which controls apply to PCI DSS v3.2.1 and PCI DSS v4.0.1. +The following sections specify which controls apply to PCI DSS v3.2.1 and PCI DSS v4.0.1. @@ -18,0 +19,2 @@ The following sections show which controls apply to PCI DSS v3.2.1 and PCI DSS v +The following list specifies which AWS Security Hub controls apply to PCI DSS v3.2.1. To review the details of a control, choose the control. + @@ -69 +71 @@ The following sections show which controls apply to PCI DSS v3.2.1 and PCI DSS v -[[IAM.10] Password policies for IAM users should have strong AWS Configurations](./iam-controls.html#iam-10) +[[IAM.10] Password policies for IAM users should have strong configurations](./iam-controls.html#iam-10) @@ -108,0 +111,2 @@ The following sections show which controls apply to PCI DSS v3.2.1 and PCI DSS v +The following list specifies which AWS Security Hub controls apply to PCI DSS v4.0.1. To review the details of a control, choose the control. + @@ -263,2 +266,0 @@ The following sections show which controls apply to PCI DSS v3.2.1 and PCI DSS v -[[IAM.10] Password policies for IAM users should have strong AWS Configurations](./iam-controls.html#iam-10) - @@ -277 +279 @@ The following sections show which controls apply to PCI DSS v3.2.1 and PCI DSS v -[[IAM.18] Ensure a support role has been created to manage incidents with Support](./iam-controls.html#iam-18) +[[IAM.18] Ensure a support role has been created to manage incidents with AWS Support](./iam-controls.html#iam-18) @@ -403 +405 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -NIST SP 800-53 Rev. 5 +NIST SP 800-171 Revision 2 @@ -405 +407 @@ NIST SP 800-53 Rev. 5 -AWS Resource Tagging Standard +Service-managed standards