AWS managedservices medium security documentation change
Summary
Added security warning about third-party repository risks and patching best practices
Security assessment
Directly addresses security responsibilities and risks associated with alternative patch sources, providing mitigation guidance
Diff
diff --git a/managedservices/latest/userguide/patch-mgmt.md b/managedservices/latest/userguide/patch-mgmt.md index 6b090aeda..fab21e420 100644 --- a//managedservices/latest/userguide/patch-mgmt.md +++ b//managedservices/latest/userguide/patch-mgmt.md @@ -50,0 +51,15 @@ For definitions of patching terms, see [AMS key terms](./key-terms.html). +###### Important + +You can specify alternative patch repositories for managed nodes. While AMS implements your requested patch configurations, you are responsible for selecting and validating the security of your chosen repositories. You must also accept any risks from using these repositories, such as supply chain risks. + +The following are best practices for the security of your patch management process: + + * Use only trusted, verified repository sources + + * Default to standard OS vendor repositories when possible + + * Regularly audit custom repository configurations + + + +