AWS Security ChangesHomeSearch

AWS securityhub documentation change

Service: securityhub · 2025-06-19 · Documentation low

File: securityhub/latest/userguide/central-configuration-management-type.md

Summary

Updated documentation to reflect rebranding of 'Security Hub' to 'Security Hub Cloud Security Posture Management (CSPM)' across API references, console instructions, and terminology. Added CSPM-specific branding to clarify administrative roles, API operations, and configuration policies.

Security assessment

The changes primarily involve rebranding and clarifying the product name to include 'Cloud Security Posture Management (CSPM)', which is a security-focused service. While this emphasizes security posture management capabilities, there is no evidence of addressing a specific vulnerability or security incident. The updates improve clarity about security features but do not introduce new security controls or mitigate disclosed risks.

Diff

diff --git a/securityhub/latest/userguide/central-configuration-management-type.md b/securityhub/latest/userguide/central-configuration-management-type.md
index 22eb06c2e..ad69d08ec 100644
--- a//securityhub/latest/userguide/central-configuration-management-type.md
+++ b//securityhub/latest/userguide/central-configuration-management-type.md
@@ -3 +3 @@
-[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[User Guide](what-is-securityhub.html)
+[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[ User Guide ](what-is-security-hub-adv.html)
@@ -9 +9 @@ Options to configure settings in self-managed accountsChoosing the management ty
-When you enable central configuration, the delegated AWS Security Hub administrator can designate each organization account, organizational unit (OU), and the root as _centrally managed_ or _self-managed_. The management type of a target determines how you can specify its Security Hub settings.
+When you enable central configuration, the delegated AWS Security Hub Cloud Security Posture Management (CSPM) administrator can designate each organization account, organizational unit (OU), and the root as _centrally managed_ or _self-managed_. The management type of a target determines how you can specify its Security Hub CSPM settings.
@@ -11 +11 @@ When you enable central configuration, the delegated AWS Security Hub administra
-For background information about the benefits of central configuration and how it works, see [Understanding central configuration in Security Hub](./central-configuration-intro.html).
+For background information about the benefits of central configuration and how it works, see [Understanding central configuration in Security Hub CSPM](./central-configuration-intro.html).
@@ -23 +23 @@ The owner of a self-managed account, OU, or root must configure its settings sep
-Only the delegated Security Hub administrator can configure settings for centrally managed accounts, OUs, or the root across the home Region and linked Regions. Configuration policies can be associated with centrally managed accounts and OUs.
+Only the delegated Security Hub CSPM administrator can configure settings for centrally managed accounts, OUs, or the root across the home Region and linked Regions. Configuration policies can be associated with centrally managed accounts and OUs.
@@ -25 +25 @@ Only the delegated Security Hub administrator can configure settings for central
-The delegated administrator can switch the status of a target between self-managed and centrally managed. By default, all accounts and OU are self-managed when you start central configuration through the Security Hub API. In the console, management type depends on your first configuration policy. Accounts and OUs that you associate with your first policy are centrally managed. Other accounts and OUs are self-managed by default.
+The delegated administrator can switch the status of a target between self-managed and centrally managed. By default, all accounts and OU are self-managed when you start central configuration through the Security Hub CSPM API. In the console, management type depends on your first configuration policy. Accounts and OUs that you associate with your first policy are centrally managed. Other accounts and OUs are self-managed by default.
@@ -29 +29 @@ If you associate a configuration policy with a previously self-managed account,
-If you change a centrally managed account to a self-managed account, the settings that were previously applied to the account through a configuration policy remain in place. For example, a centrally managed account could initially be associated with a policy that enabled Security Hub, enabled AWS Foundational Security Best Practices v1.0.0, and disabled CloudTrail.1. If you then designate the account as self-managed, all of the settings remain unchanged. However, the account owner can independently change the settings for the account going forward.
+If you change a centrally managed account to a self-managed account, the settings that were previously applied to the account through a configuration policy remain in place. For example, a centrally managed account could initially be associated with a policy that enabled Security Hub CSPM, enabled AWS Foundational Security Best Practices, and disabled CloudTrail.1. If you then designate the account as self-managed, all of the settings remain unchanged. However, the account owner can independently change the settings for the account going forward.
@@ -39 +39 @@ Self-managed accounts must configure their own settings separately in each Regio
-Owners of self-managed accounts can invoke the following operations of the Security Hub API in each Region to configure their settings:
+Owners of self-managed accounts can invoke the following operations of the Security Hub CSPM API in each Region to configure their settings:
@@ -41 +41 @@ Owners of self-managed accounts can invoke the following operations of the Secur
-  * `EnableSecurityHub` and `DisableSecurityHub` to enable or disable the Security Hub service (if a self-managed account has a delegated Security Hub administrator, the administrator must [disassociate the account](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DisassociateMembers.html) before the account owner can disable Security Hub).
+  * `EnableSecurityHub` and `DisableSecurityHub` to enable or disable the Security Hub CSPM service (if a self-managed account has a delegated Security Hub CSPM administrator, the administrator must [disassociate the account](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DisassociateMembers.html) before the account owner can disable Security Hub CSPM).
@@ -52 +52 @@ Self-managed accounts can also use `*Invitations` and `*Members` operations. How
-For descriptions of Security Hub API actions, see the [_AWS Security Hub API Reference_](https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html).
+For descriptions of Security Hub CSPM API actions, see the [_AWS Security Hub Cloud Security Posture Management (CSPM) API Reference_](https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html).
@@ -54 +54 @@ For descriptions of Security Hub API actions, see the [_AWS Security Hub API Ref
-Self-managed accounts can also use the Security Hub console or AWS CLI to configure their settings in each Region.
+Self-managed accounts can also use the Security Hub CSPM console or AWS CLI to configure their settings in each Region.
@@ -56 +56 @@ Self-managed accounts can also use the Security Hub console or AWS CLI to config
-Self-managed accounts can't invoke any APIs related to Security Hub configuration policies and policy associations. Only the delegated administrator can invoke central configuration APIs and use configuration policies to configure centrally managed accounts.
+Self-managed accounts can't invoke any APIs related to Security Hub CSPM configuration policies and policy associations. Only the delegated administrator can invoke central configuration APIs and use configuration policies to configure centrally managed accounts.
@@ -60 +60 @@ Self-managed accounts can't invoke any APIs related to Security Hub configuratio
-Choose your preferred method, and follow the steps to designate an account or OU as centrally managed or self-managed in AWS Security Hub.
+Choose your preferred method, and follow the steps to designate an account or OU as centrally managed or self-managed in AWS Security Hub Cloud Security Posture Management (CSPM).
@@ -62 +62 @@ Choose your preferred method, and follow the steps to designate an account or OU
-Security Hub console
+Security Hub CSPM console
@@ -67 +67 @@ Security Hub console
-  1. Open the AWS Security Hub console at [https://console.aws.amazon.com/securityhub/](https://console.aws.amazon.com/securityhub/).
+  1. Open the AWS Security Hub Cloud Security Posture Management (CSPM) console at [https://console.aws.amazon.com/securityhub/](https://console.aws.amazon.com/securityhub/).
@@ -69 +69 @@ Security Hub console
-Sign in using the credentials of the delegated Security Hub administrator account in the home Region.
+Sign in using the credentials of the delegated Security Hub CSPM administrator account in the home Region.
@@ -82 +82 @@ Sign in using the credentials of the delegated Security Hub administrator accoun
-Security Hub API
+Security Hub CSPM API
@@ -87 +87 @@ Security Hub API
-  1. Invoke the [StartConfigurationPolicyAssociation](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_StartConfigurationPolicyAssociation.html) API from the Security Hub delegated administrator account in the home Region.
+  1. Invoke the [StartConfigurationPolicyAssociation](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_StartConfigurationPolicyAssociation.html) API from the Security Hub CSPM delegated administrator account in the home Region.
@@ -110 +110 @@ AWS CLI
-  1. Run the [start-configuration-policy-association](https://docs.aws.amazon.com/cli/latest/reference/securityhub/start-configuration-policy-association.html) command from the Security Hub delegated administrator account in the home Region.
+  1. Run the [start-configuration-policy-association](https://docs.aws.amazon.com/cli/latest/reference/securityhub/start-configuration-policy-association.html) command from the Security Hub CSPM delegated administrator account in the home Region.