AWS Security ChangesHomeSearch

AWS securityhub documentation change

Service: securityhub · 2025-05-31 · Documentation low

File: securityhub/latest/userguide/standards-view-manage.md

Summary

Updated documentation about security standards management, added details about security score calculation across organizations/regions, restructured content flow, and added links to related topics

Security assessment

The changes improve documentation about security standards management processes and scoring mechanisms but do not address any specific vulnerabilities. The updates focus on clarifying existing security features (controls management, scoring) and operational best practices (central configuration).

Diff

diff --git a/securityhub/latest/userguide/standards-view-manage.md b/securityhub/latest/userguide/standards-view-manage.md
index db63284b4..be0364f15 100644
--- a//securityhub/latest/userguide/standards-view-manage.md
+++ b//securityhub/latest/userguide/standards-view-manage.md
@@ -9 +9 @@ In AWS Security Hub, a _security standard_ is a set of requirements that's based
-On the Security Hub console, the **Security standards** page also shows all the security standards that Security Hub currently supports. For each standard, the page provides access to the following information:
+When you enable a standard, Security Hub automatically enables all the controls that apply to the standard. Security Hub then runs security checks on the controls, which generates Security Hub findings. You can disable and later re-enable individual controls as necessary. You can also disable a standard completely. If you disable a standard, Security Hub stops running security checks on controls that apply to the standard. Findings are no longer generated for the controls.
@@ -11 +11 @@ On the Security Hub console, the **Security standards** page also shows all the
-  * A description of the standard.
+In addition to findings, Security Hub generates a security score for each standard that you enable. The score is based on the status of the controls that apply to the standard. If you set an aggregation Region, the security score for a standard reflects the status of the controls across all linked Regions. If you're the Security Hub administrator for an organization, the score reflects the status of the controls for all the accounts in your organization. For more information, see [Calculating security scores](./standards-security-score.html).
@@ -13 +13 @@ On the Security Hub console, the **Security standards** page also shows all the
-  * The current status of the standard.
+To review and manage standards, you can use the Security Hub console or the Security Hub API. On the console, the **Security standards** page shows all the security standards that Security Hub currently supports. This includes a description of each standard and the current status of the standard. If you enable a standard, you can also use this page to access additional details for the standard. For example, you can review:
@@ -17 +17,3 @@ On the Security Hub console, the **Security standards** page also shows all the
-  * A list of controls that apply to the standard and are currently enabled, and the overall status of the controls based on the compliance status of their findings.
+  * Aggregated statistics for controls that apply to the standard.
+
+  * A list of controls that apply to the standard and are currently enabled, including the compliance status of each one.
@@ -24 +26,16 @@ On the Security Hub console, the **Security standards** page also shows all the
-When you enable a standard, Security Hub automatically enables all the controls that apply to the standard. Security Hub then runs security checks on the enabled controls, which generates Security Hub findings. You can disable and later re-enable individual controls as necessary. You can also disable a standard completely. If you disable a standard, Security Hub stops running security checks on controls that apply to the standard. Findings are no longer generated for the controls.
+For deeper analysis, you can filter and sort the data, and drill down to review the details of individual controls that apply to the standard.
+
+You can enable standards individually for a single account and AWS Region. However, to save time and reduce configuration drift in multi-account and multi-Region environments, we recommend using [central configuration](./central-configuration-intro.html) to enable and manage standards. With central configuration, the delegated Security Hub administrator can create policies that specify how to configure a standard across multiple accounts and Regions.
+
+###### Topics
+
+  * [Standards reference](./standards-reference.html)
+
+  * [Enabling a standard](./enable-standards.html)
+
+  * [Reviewing the details of a standard](./securityhub-standards-view-controls.html)
+
+  * [Turning off auto-enabled standards](./securityhub-auto-enabled-standards.html)
+
+  * [Disabling a standard](./disable-standards.html)
+
@@ -26 +42,0 @@ When you enable a standard, Security Hub automatically enables all the controls
-You can enable standards individually for a single account and AWS Region. However, to save time and reduce configuration drift in multi-account or multi-Region environments, we recommend using [central configuration](./central-configuration-intro.html) to enable standards. With central configuration, the delegated Security Hub administrator can create policies that specify how a standard should be configured across multiple accounts and Regions. For more information, see [Enabling a security standard in Security Hub](./enable-standards.html).
@@ -28 +43,0 @@ You can enable standards individually for a single account and AWS Region. Howev
-Security Hub generates a security score for each standard based on the status of controls that apply to the standard. If you're the Security Hub administrator for an organization, the security score for a standard reflects control statuses for all member accounts. If you set an aggregation Region, a security score reflects control statuses across all linked Regions. For more information, see [Calculating security scores](./standards-security-score.html).
@@ -38 +53 @@ Stopping aggregation
-Security Hub standards reference
+Standards reference