AWS securityhub documentation change
Summary
Updated documentation to consistently reference 'Security Hub CSPM' instead of 'Security Hub', including console references and configuration processes
Security assessment
The changes emphasize Cloud Security Posture Management (CSPM) capabilities but do not address a specific vulnerability. CSPM is a security feature category, so documenting its implementation improves security posture awareness without fixing existing flaws.
Diff
diff --git a/securityhub/latest/userguide/accounts-orgs-auto-enable.md b/securityhub/latest/userguide/accounts-orgs-auto-enable.md index e5d5a3972..c6f661a7d 100644 --- a//securityhub/latest/userguide/accounts-orgs-auto-enable.md +++ b//securityhub/latest/userguide/accounts-orgs-auto-enable.md @@ -3 +3 @@ -[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[User Guide](what-is-securityhub.html) +[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[ User Guide ](what-is-security-hub-adv.html) @@ -7 +7 @@ Automatically enabling new organization accounts (central configuration)Automati -# Automatically enabling Security Hub in new organization accounts +# Automatically enabling Security Hub CSPM in new organization accounts @@ -9 +9 @@ Automatically enabling new organization accounts (central configuration)Automati -When new accounts join your organization, they are added to the list on the **Accounts** page of the AWS Security Hub console. For organization accounts, **Type** is **By organization**. By default, new accounts don't become Security Hub members when they join the organization. Their status is **Not a member**. The delegated administrator account can automatically add new accounts as members and enable Security Hub in these accounts when they join the organization. +When new accounts join your organization, they are added to the list on the **Accounts** page of the AWS Security Hub Cloud Security Posture Management (CSPM) console. For organization accounts, **Type** is **By organization**. By default, new accounts don't become Security Hub CSPM members when they join the organization. Their status is **Not a member**. The delegated administrator account can automatically add new accounts as members and enable Security Hub CSPM in these accounts when they join the organization. @@ -13 +13 @@ When new accounts join your organization, they are added to the list on the **Ac -Although many AWS Regions are active by default for your AWS account, you must activate certain Regions manually. These Regions are called opt-in Regions in this document. To automatically enable Security Hub in a new account in an opt-in Region, the account must have that Region activated first. Only the account owner can activate the opt-in Region. For more information about opt-in Regions, see [Specify which AWS Regions your account can use](https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-regions.html). +Although many AWS Regions are active by default for your AWS account, you must activate certain Regions manually. These Regions are called opt-in Regions in this document. To automatically enable Security Hub CSPM in a new account in an opt-in Region, the account must have that Region activated first. Only the account owner can activate the opt-in Region. For more information about opt-in Regions, see [Specify which AWS Regions your account can use](https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-regions.html). @@ -19 +19 @@ This process is different based on whether you use central configuration (recomm -If you use [central configuration](./central-configuration-intro.html), you can automatically enable Security Hub in new and existing organization accounts by creating a configuration policy in which Security Hub is enabled. You can then associate the policy with the organization root or specific organizational units (OUs). +If you use [central configuration](./central-configuration-intro.html), you can automatically enable Security Hub CSPM in new and existing organization accounts by creating a configuration policy in which Security Hub CSPM is enabled. You can then associate the policy with the organization root or specific organizational units (OUs). @@ -21 +21 @@ If you use [central configuration](./central-configuration-intro.html), you can -If you associate a configuration policy in which Security Hub is enabled with a specific OU, Security Hub is automatically enabled in all accounts (existing and new) that belong to that OU. New accounts that don't belong to the OU are self-managed and don't automatically have Security Hub enabled. If you associate a configuration policy in which Security Hub is enabled with the root, Security Hub is automatically enabled in all accounts (existing and new) that join the organization. The exceptions are if an account uses a different policy through application or inheritance, or is self-managed. +If you associate a configuration policy in which Security Hub CSPM is enabled with a specific OU, Security Hub CSPM is automatically enabled in all accounts (existing and new) that belong to that OU. New accounts that don't belong to the OU are self-managed and don't automatically have Security Hub CSPM enabled. If you associate a configuration policy in which Security Hub CSPM is enabled with the root, Security Hub CSPM is automatically enabled in all accounts (existing and new) that join the organization. The exceptions are if an account uses a different policy through application or inheritance, or is self-managed. @@ -29 +29 @@ For instructions on creating a configuration policy, see [Creating and associati -When you use local configuration and turn on automatic enablement of default standards, Security Hub adds _new_ organization accounts as members and enables Security Hub in them in the current Region. Other Regions aren't affected. In addition, turning on automatic enablement doesn't enable Security Hub in _existing_ organization accounts unless they were already added as member accounts. +When you use local configuration and turn on automatic enablement of default standards, Security Hub CSPM adds _new_ organization accounts as members and enables Security Hub CSPM in them in the current Region. Other Regions aren't affected. In addition, turning on automatic enablement doesn't enable Security Hub CSPM in _existing_ organization accounts unless they were already added as member accounts. @@ -35 +35 @@ To generate control findings for the default standards (and other enabled standa -Choose your preferred method, and follow the steps to automatically enable Security Hub in new organization accounts. These instructions apply only if you use local configuration. +Choose your preferred method, and follow the steps to automatically enable Security Hub CSPM in new organization accounts. These instructions apply only if you use local configuration. @@ -37 +37 @@ Choose your preferred method, and follow the steps to automatically enable Secur -Security Hub console +Security Hub CSPM console @@ -40 +40 @@ Security Hub console -###### To automatically enable new organization accounts as Security Hub members +###### To automatically enable new organization accounts as Security Hub CSPM members @@ -42 +42 @@ Security Hub console - 1. Open the AWS Security Hub console at [https://console.aws.amazon.com/securityhub/](https://console.aws.amazon.com/securityhub/). + 1. Open the AWS Security Hub Cloud Security Posture Management (CSPM) console at [https://console.aws.amazon.com/securityhub/](https://console.aws.amazon.com/securityhub/). @@ -46 +46 @@ Sign is using the credentials of the delegated administrator account. - 2. In the Security Hub navigation pane, under **Settings** , choose **Configuration**. + 2. In the Security Hub CSPM navigation pane, under **Settings** , choose **Configuration**. @@ -53 +53 @@ Sign is using the credentials of the delegated administrator account. -Security Hub API +Security Hub CSPM API @@ -56 +56 @@ Security Hub API -**To automatically enable new organization accounts as Security Hub members** +**To automatically enable new organization accounts as Security Hub CSPM members** @@ -58 +58 @@ Security Hub API -Invoke the [`UpdateOrganizationConfiguration`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateOrganizationConfiguration.html) API from the delegated administrator account. Set the `AutoEnable` field to `true` to automatically enable Security Hub in new organization accounts. +Invoke the [`UpdateOrganizationConfiguration`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateOrganizationConfiguration.html) API from the delegated administrator account. Set the `AutoEnable` field to `true` to automatically enable Security Hub CSPM in new organization accounts. @@ -63 +63 @@ AWS CLI -**To automatically enable new organization accounts as Security Hub members** +**To automatically enable new organization accounts as Security Hub CSPM members** @@ -65 +65 @@ AWS CLI -Run the [`update-organization-configuration`](https://docs.aws.amazon.com/cli/latest/reference/securityhub/update-organization-configuration.html) command from the delegated administrator account. Include the `auto-enable` parameter to automatically enable Security Hub in new organization accounts. +Run the [`update-organization-configuration`](https://docs.aws.amazon.com/cli/latest/reference/securityhub/update-organization-configuration.html) command from the delegated administrator account. Include the `auto-enable` parameter to automatically enable Security Hub CSPM in new organization accounts. @@ -78 +78 @@ Disabling integration with Organizations -Manually enabling Security Hub in new accounts +Manually enabling Security Hub CSPM in new accounts