AWS Security ChangesHomeSearch

AWS securityhub documentation change

Service: securityhub · 2025-06-19 · Documentation low

File: securityhub/latest/userguide/cis-aws-foundations-benchmark.md

Summary

Updated references from 'Security Hub' to 'Security Hub CSPM' throughout the document, added CSPM branding, and adjusted documentation links.

Security assessment

The changes emphasize Security Hub's Cloud Security Posture Management (CSPM) capabilities, which are inherently security-focused. However, there is no evidence these updates address a specific security vulnerability or incident. The modifications primarily clarify product positioning and update terminology to reflect CSPM integration.

Diff

diff --git a/securityhub/latest/userguide/cis-aws-foundations-benchmark.md b/securityhub/latest/userguide/cis-aws-foundations-benchmark.md
index e07520f00..715fddfc4 100644
--- a//securityhub/latest/userguide/cis-aws-foundations-benchmark.md
+++ b//securityhub/latest/userguide/cis-aws-foundations-benchmark.md
@@ -3 +3 @@
-[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[User Guide](what-is-securityhub.html)
+[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[ User Guide ](what-is-security-hub-adv.html)
@@ -7 +7 @@ CIS AWS Foundations Benchmark version 3.0.0CIS AWS Foundations Benchmark version
-# CIS AWS Foundations Benchmark in Security Hub
+# CIS AWS Foundations Benchmark in Security Hub CSPM
@@ -11 +11 @@ The Center for Internet Security (CIS) AWS Foundations Benchmark serves as a set
-AWS Security Hub supports CIS AWS Foundations Benchmark versions 3.0.0, 1.4.0, and 1.2.0. This page lists the security controls that each version supports. It also provides a comparison of the versions.
+AWS Security Hub Cloud Security Posture Management (CSPM) supports CIS AWS Foundations Benchmark versions 3.0.0, 1.4.0, and 1.2.0. This page lists the security controls that each version supports. It also provides a comparison of the versions.
@@ -15 +15 @@ AWS Security Hub supports CIS AWS Foundations Benchmark versions 3.0.0, 1.4.0, a
-Security Hub supports version 3.0.0 (v3.0.0) of the CIS AWS Foundations Benchmark. Security Hub has satisfied the requirements of CIS Security Software Certification and has been awarded CIS Security Software Certification for the following CIS Benchmarks: 
+Security Hub CSPM supports version 3.0.0 (v3.0.0) of the CIS AWS Foundations Benchmark. Security Hub CSPM has satisfied the requirements of CIS Security Software Certification and has been awarded CIS Security Software Certification for the following CIS Benchmarks: 
@@ -102 +102 @@ Security Hub supports version 3.0.0 (v3.0.0) of the CIS AWS Foundations Benchmar
-Security Hub supports version 1.4.0 (v1.4.0) of the CIS AWS Foundations Benchmark.
+Security Hub CSPM supports version 1.4.0 (v1.4.0) of the CIS AWS Foundations Benchmark.
@@ -186 +186 @@ Security Hub supports version 1.4.0 (v1.4.0) of the CIS AWS Foundations Benchmar
-Security Hub supports version 1.2.0 (v1.2.0) of the CIS AWS Foundations Benchmark. Security Hub has satisfied the requirements of CIS Security Software Certification and has been awarded CIS Security Software Certification for the following CIS Benchmarks: 
+Security Hub CSPM supports version 1.2.0 (v1.2.0) of the CIS AWS Foundations Benchmark. Security Hub CSPM has satisfied the requirements of CIS Security Software Certification and has been awarded CIS Security Software Certification for the following CIS Benchmarks: 
@@ -283 +283 @@ Security Hub supports version 1.2.0 (v1.2.0) of the CIS AWS Foundations Benchmar
-This section summarizes the differences between specific versions of the Center for Internet Security (CIS) AWS Foundations Benchmark—v3.0.0, v1.4.0, and v1.2.0. AWS Security Hub supports each of these versions of the CIS AWS Foundations Benchmark. However, we recommend using v3.0.0 to stay current with security best practices. You can have multiple versions of the standard enabled at the same time. For information about enabling standards, see [Enabling a security standard in Security Hub](./enable-standards.html). If you want to upgrade to v3.0.0, enable it before you disable an older version. This prevents gaps in your security checks. If you use the Security Hub integration with AWS Organizations and want to batch enable v3.0.0 in multiple accounts, we recommend using [central configuration](./central-configuration-intro.html).
+This section summarizes the differences between specific versions of the Center for Internet Security (CIS) AWS Foundations Benchmark—v3.0.0, v1.4.0, and v1.2.0. AWS Security Hub Cloud Security Posture Management (CSPM) supports each of these versions of the CIS AWS Foundations Benchmark. However, we recommend using v3.0.0 to stay current with security best practices. You can have multiple versions of the standard enabled at the same time. For information about enabling standards, see [Enabling a security standard](./enable-standards.html). If you want to upgrade to v3.0.0, enable it before you disable an older version. This prevents gaps in your security checks. If you use the Security Hub CSPM integration with AWS Organizations and want to batch enable v3.0.0 in multiple accounts, we recommend using [central configuration](./central-configuration-intro.html).
@@ -373 +373 @@ When you enable one or more versions of the CIS AWS Foundations Benchmark, you b
-You can use the [GetEnabledStandards](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetEnabledStandards.html) operation of the Security Hub API to find the ARN of an enabled standard.
+You can use the [GetEnabledStandards](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetEnabledStandards.html) operation of the Security Hub CSPM API to find the ARN of an enabled standard.
@@ -375 +375 @@ You can use the [GetEnabledStandards](https://docs.aws.amazon.com/securityhub/1.
-The preceding values are for `StandardsArn`. However, `StandardsSubscriptionArn` refers to the standard subscription resource that Security Hub creates when you subscribe to a standard by calling [BatchEnableStandards](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchEnableStandards.html) in a Region.
+The preceding values are for `StandardsArn`. However, `StandardsSubscriptionArn` refers to the standard subscription resource that Security Hub CSPM creates when you subscribe to a standard by calling [BatchEnableStandards](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchEnableStandards.html) in a Region.
@@ -379 +379 @@ The preceding values are for `StandardsArn`. However, `StandardsSubscriptionArn`
-When you enable a version of the CIS AWS Foundations Benchmark, it can take up to 18 hours for Security Hub to generate findings for controls that use the same AWS Config service-linked rule as enabled controls in other enabled standards. For more information about the schedule for generating control findings, see [Schedule for running security checks](./securityhub-standards-schedule.html).
+When you enable a version of the CIS AWS Foundations Benchmark, it can take up to 18 hours for Security Hub CSPM to generate findings for controls that use the same AWS Config service-linked rule as enabled controls in other enabled standards. For more information about the schedule for generating control findings, see [Schedule for running security checks](./securityhub-standards-schedule.html).
@@ -381 +381 @@ When you enable a version of the CIS AWS Foundations Benchmark, it can take up t
-Finding fields differ if you turn on consolidated control findings. For information about these differences, see [Impact of consolidation on ASFF fields and values](./asff-changes-consolidation.html). For sample control findings, see [Samples of control findings in Security Hub](./sample-control-findings.html).
+Finding fields differ if you turn on consolidated control findings. For information about these differences, see [Impact of consolidation on ASFF fields and values](./asff-changes-consolidation.html). For sample control findings, see [Samples of control findings](./sample-control-findings.html).
@@ -383 +383 @@ Finding fields differ if you turn on consolidated control findings. For informat
-### CIS requirements that aren't supported in Security Hub
+### CIS requirements that aren't supported in Security Hub CSPM
@@ -385 +385 @@ Finding fields differ if you turn on consolidated control findings. For informat
-As noted in the preceding table, Security Hub doesn't support every CIS requirement in every version of the CIS AWS Foundations Benchmark. Many of the unsupported requirements can be evaluated only by manually reviewing the state of your AWS resources.
+As noted in the preceding table, Security Hub CSPM doesn't support every CIS requirement in every version of the CIS AWS Foundations Benchmark. Many of the unsupported requirements can be evaluated only by manually reviewing the state of your AWS resources.