AWS Security ChangesHomeSearch

AWS securityhub documentation change

Service: securityhub · 2025-06-19 · Documentation low

File: securityhub/latest/userguide/controls-findings-create-update.md

Summary

Updated documentation to consistently reference 'Security Hub CSPM' instead of 'Security Hub', clarified product branding and service scope

Security assessment

Changes primarily involve rebranding to 'Security Hub CSPM' without introducing new security mechanisms or addressing vulnerabilities. The updates clarify product positioning but don't modify security functionality or disclose new security features. No evidence of vulnerability fixes or incident response.

Diff

diff --git a/securityhub/latest/userguide/controls-findings-create-update.md b/securityhub/latest/userguide/controls-findings-create-update.md
index c871ff461..4f997c430 100644
--- a//securityhub/latest/userguide/controls-findings-create-update.md
+++ b//securityhub/latest/userguide/controls-findings-create-update.md
@@ -3 +3 @@
-[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[User Guide](what-is-securityhub.html)
+[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[ User Guide ](what-is-security-hub-adv.html)
@@ -9 +9 @@ Consolidated control findingsGenerating new findings versus updating existing fi
-AWS Security Hub generates findings by running checks against security controls. These findings use the AWS Security Finding Format (ASFF). Note that if the finding size exceeds the maximum of 240 KB, then the `Resource.Details` object is removed. For controls that are backed by AWS Config resources, you can view the resource details on the AWS Config console.
+AWS Security Hub Cloud Security Posture Management (CSPM) generates findings by running checks against security controls. These findings use the AWS Security Finding Format (ASFF). Note that if the finding size exceeds the maximum of 240 KB, then the `Resource.Details` object is removed. For controls that are backed by AWS Config resources, you can view the resource details on the AWS Config console.
@@ -11 +11 @@ AWS Security Hub generates findings by running checks against security controls.
-Security Hub normally charges for each security check for a control. However, if multiple controls use the same AWS Config rule, then Security Hub only charges once for each check against the AWS Config rule. If you enable consolidated control findings, Security Hub generates a single finding for a security check even when the control is included in multiple enabled standards.
+Security Hub CSPM normally charges for each security check for a control. However, if multiple controls use the same AWS Config rule, then Security Hub CSPM only charges once for each check against the AWS Config rule. If you enable consolidated control findings, Security Hub CSPM generates a single finding for a security check even when the control is included in multiple enabled standards.
@@ -13 +13 @@ Security Hub normally charges for each security check for a control. However, if
-For example, the AWS Config rule `iam-password-policy` is used by multiple controls in the Center for Internet Security (CIS) AWS Foundations Benchmark standard and the Foundational Security Best Practices standard. Each time Security Hub runs a check against that AWS Config rule, it generates a separate finding for each related control, but only charges once for the check.
+For example, the AWS Config rule `iam-password-policy` is used by multiple controls in the Center for Internet Security (CIS) AWS Foundations Benchmark standard and the Foundational Security Best Practices standard. Each time Security Hub CSPM runs a check against that AWS Config rule, it generates a separate finding for each related control, but only charges once for the check.
@@ -17 +17 @@ For example, the AWS Config rule `iam-password-policy` is used by multiple contr
-If consolidated control findings is enabled for your account, Security Hub generates a single new finding or finding update for each security check of a control, even if a control applies to multiple enabled standards. For a list of controls and the standards that they apply to, see the [Security Hub controls reference](./securityhub-controls-reference.html). We recommend enabling consolidated control findings to reduce finding noise.
+If consolidated control findings is enabled for your account, Security Hub CSPM generates a single new finding or finding update for each security check of a control, even if a control applies to multiple enabled standards. For a list of controls and the standards that they apply to, see the [Control reference for Security Hub CSPM](./securityhub-controls-reference.html). We recommend enabling consolidated control findings to reduce finding noise.
@@ -19 +19 @@ If consolidated control findings is enabled for your account, Security Hub gener
-If you enabled Security Hub for an AWS account before February 23, 2023, you can enable consolidated control findings by following the instructions later in this section. If you enable Security Hub on or after February 23, 2023, consolidated control findings is automatically enabled for your account.
+If you enabled Security Hub CSPM for an AWS account before February 23, 2023, you can enable consolidated control findings by following the instructions later in this section. If you enable Security Hub CSPM on or after February 23, 2023, consolidated control findings is automatically enabled for your account.
@@ -21 +21 @@ If you enabled Security Hub for an AWS account before February 23, 2023, you can
-However, if you use the [Security Hub integration with AWS Organizations](./securityhub-accounts-orgs.html) or invited member accounts through a [manual invitation process](./account-management-manual.html), consolidated control findings is enabled for member accounts only if it's enabled for the administrator account. If the feature is disabled for the administrator account, it's disabled for member accounts. This behavior applies to new and existing member accounts. If the administrator uses [central configuration](./central-configuration-intro.html) to manage Security Hub for multiple accounts, they cannot use central configuration policies to enable or disable consolidated control findings for the accounts.
+However, if you use the [Security Hub CSPM integration with AWS Organizations](./securityhub-accounts-orgs.html) or invited member accounts through a [manual invitation process](./account-management-manual.html), consolidated control findings is enabled for member accounts only if it's enabled for the administrator account. If the feature is disabled for the administrator account, it's disabled for member accounts. This behavior applies to new and existing member accounts. If the administrator uses [central configuration](./central-configuration-intro.html) to manage Security Hub CSPM for multiple accounts, they cannot use central configuration policies to enable or disable consolidated control findings for the accounts.
@@ -23 +23 @@ However, if you use the [Security Hub integration with AWS Organizations](./secu
-If you disable consolidated control findings for your account, Security Hub generates a separate finding per security check for each enabled standard that includes a control. For example, if four enabled standards share a control with the same underlying AWS Config rule, you receive four separate findings after a security check of the control. If you enable consolidated control findings, you receive only one finding.
+If you disable consolidated control findings for your account, Security Hub CSPM generates a separate finding per security check for each enabled standard that includes a control. For example, if four enabled standards share a control with the same underlying AWS Config rule, you receive four separate findings after a security check of the control. If you enable consolidated control findings, you receive only one finding.
@@ -25 +25 @@ If you disable consolidated control findings for your account, Security Hub gene
-When you enable consolidated control findings, Security Hub creates new standard-agnostic findings and archives the original standard-based findings. Some control finding fields and values will change, which might impact existing workflows. For information about these changes, see [Consolidated control findings – ASFF changes](./asff-changes-consolidation.html#securityhub-findings-format-consolidated-control-findings).
+When you enable consolidated control findings, Security Hub CSPM creates new standard-agnostic findings and archives the original standard-based findings. Some control finding fields and values will change, which might impact existing workflows. For information about these changes, see [Consolidated control findings – ASFF changes](./asff-changes-consolidation.html#securityhub-findings-format-consolidated-control-findings).
@@ -27 +27 @@ When you enable consolidated control findings, Security Hub creates new standard
-Turning on consolidated control findings might also affect findings that integrated third-party products receive from Security Hub. [Automated Security Response on AWS v2.0.0](https://aws.amazon.com/solutions/implementations/aws-security-hub-automated-response-and-remediation/) supports consolidated control findings. 
+Turning on consolidated control findings might also affect findings that integrated third-party products receive from Security Hub CSPM. [Automated Security Response on AWS v2.0.0](https://aws.amazon.com/solutions/implementations/aws-security-hub-automated-response-and-remediation/) supports consolidated control findings. 
@@ -33 +33 @@ To enable or disable consolidated control findings, you must be signed in to an
-After enabling consolidated control findings, it can take up to 24 hours for Security Hub for generate new, consolidated findings and archive the original, standard-based findings. Similarly, after disabling consolidated control findings, it can take up to 24 hours for Security Hub to generate new, standard-based findings and archive the consolidated findings. During these times, you might see a mix of standard-agnostic and standard-based findings in your account.
+After enabling consolidated control findings, it can take up to 24 hours for Security Hub CSPM for generate new, consolidated findings and archive the original, standard-based findings. Similarly, after disabling consolidated control findings, it can take up to 24 hours for Security Hub CSPM to generate new, standard-based findings and archive the consolidated findings. During these times, you might see a mix of standard-agnostic and standard-based findings in your account.
@@ -35 +35 @@ After enabling consolidated control findings, it can take up to 24 hours for Sec
-Security Hub console
+Security Hub CSPM console
@@ -40 +40 @@ Security Hub console
-  1. Open the AWS Security Hub console at [https://console.aws.amazon.com/securityhub/](https://console.aws.amazon.com/securityhub/).
+  1. Open the AWS Security Hub Cloud Security Posture Management (CSPM) console at [https://console.aws.amazon.com/securityhub/](https://console.aws.amazon.com/securityhub/).
@@ -53 +53 @@ Security Hub console
-Security Hub API, AWS CLI
+Security Hub CSPM API, AWS CLI
@@ -75 +75 @@ The following AWS CLI command disables consolidated control findings. This examp
-Security Hub runs security checks on a [schedule](./securityhub-standards-schedule.html). A subsequent check against a given control can generate a new result. For example, the status of a control could change from `FAILED` to `PASSED`. In this case, Security Hub generates a new finding that contains the most recent result.
+Security Hub CSPM runs security checks on a [schedule](./securityhub-standards-schedule.html). A subsequent check against a given control can generate a new result. For example, the status of a control could change from `FAILED` to `PASSED`. In this case, Security Hub CSPM generates a new finding that contains the most recent result.
@@ -77 +77 @@ Security Hub runs security checks on a [schedule](./securityhub-standards-schedu
-If a subsequent check against a given rule generates a result that is identical to the current result, Security Hub updates the existing finding. No new finding is generated.
+If a subsequent check against a given rule generates a result that is identical to the current result, Security Hub CSPM updates the existing finding. No new finding is generated.
@@ -79 +79 @@ If a subsequent check against a given rule generates a result that is identical
-Security Hub automatically archives findings from controls if the associated resource is deleted, the resource does not exist, or the control is disabled. A resource might no longer exist because the associated service isn't currently used. The findings are archived automatically based on one of the following criteria:
+Security Hub CSPM automatically archives findings from controls if the associated resource is deleted, the resource does not exist, or the control is disabled. A resource might no longer exist because the associated service isn't currently used. The findings are archived automatically based on one of the following criteria:
@@ -90 +90 @@ Security Hub automatically archives findings from controls if the associated res
-You can use Security Hub automation rules to update or suppress specific control findings. When you suppress a finding, it's still accessible in your account, but it indicates your belief that no action is needed to address the finding. By suppressing irrelevant findings, you can reduce finding noise. For example, you might suppress control findings that are generated in test accounts. Or, you might suppress findings related to specific resources. For more information about automatically updating or suppressing findings, see [Understanding automation rules in Security Hub](./automation-rules.html). 
+You can use Security Hub CSPM automation rules to update or suppress specific control findings. When you suppress a finding, it's still accessible in your account, but it indicates your belief that no action is needed to address the finding. By suppressing irrelevant findings, you can reduce finding noise. For example, you might suppress control findings that are generated in test accounts. Or, you might suppress findings related to specific resources. For more information about automatically updating or suppressing findings, see [Understanding automation rules in Security Hub CSPM](./automation-rules.html). 
@@ -92 +92 @@ You can use Security Hub automation rules to update or suppress specific control
-Automation rules are appropriate when you want to update or suppress specific control findings. However, if a control isn't relevant to your organization or use case, we recommend [disabling the control](./disable-controls-overview.html). When you disable a control, Security Hub doesn't run security checks on it, and you aren't charged.
+Automation rules are appropriate when you want to update or suppress specific control findings. However, if a control isn't relevant to your organization or use case, we recommend [disabling the control](./disable-controls-overview.html). When you disable a control, Security Hub CSPM doesn't run security checks on it, and you aren't charged.
@@ -111 +111 @@ The list of related requirements for the control in all enabled standards. The r
-The identifier for a control across security standards that Security Hub supports.
+The identifier for a control across security standards that Security Hub CSPM supports.
@@ -116 +116 @@ The identifier for a control across security standards that Security Hub support
-The result of the most recent check that Security Hub ran for a given control. The results of the previous checks are kept in an archived state for 90 days.
+The result of the most recent check that Security Hub CSPM ran for a given control. The results of the previous checks are kept in an archived state for 90 days.
@@ -123 +123 @@ Contains a list of reasons for the value of `Compliance.Status`. For each reason
-The following table lists the available status reason codes and descriptions. The remediation steps depend on which control generated a finding with the reason code. Choose a control from the [Security Hub controls reference](./securityhub-controls-reference.html) to see remediation steps for that control.
+The following table lists the available status reason codes and descriptions. The remediation steps depend on which control generated a finding with the reason code. Choose a control from the [Control reference for Security Hub CSPM](./securityhub-controls-reference.html) to see remediation steps for that control.
@@ -137 +137 @@ Reason code |  Compliance.Status |  Description
-`CONFIG_RECORDER_MISSING_REQUIRED_RESOURCE_TYPES` |  `FAILED` (for Config.1) |  AWS Config isn't recording all resource types that correspond to enabled Security Hub controls. Turn on recording for the following resources: `Resources that aren't being recorded`.  
+`CONFIG_RECORDER_MISSING_REQUIRED_RESOURCE_TYPES` |  `FAILED` (for Config.1) |  AWS Config isn't recording all resource types that correspond to enabled Security Hub CSPM controls. Turn on recording for the following resources: `Resources that aren't being recorded`.  
@@ -158 +158 @@ Reason code |  Compliance.Status |  Description
-`LAMBDA_CUSTOM_RUNTIME_DETAILS_NOT_AVAILABLE` |  FAILED |  Security Hub is unable to perform a check against a custom Lambda runtime.  
+`LAMBDA_CUSTOM_RUNTIME_DETAILS_NOT_AVAILABLE` |  FAILED |  Security Hub CSPM is unable to perform a check against a custom Lambda runtime.  
@@ -168 +168 @@ Reason code |  Compliance.Status |  Description
-When Security Hub runs security checks and generates control findings, the [ProductFields](./asff-top-level-attributes.html#asff-productfields) attribute in ASFF includes the following fields:
+When Security Hub CSPM runs security checks and generates control findings, the [ProductFields](./asff-top-level-attributes.html#asff-productfields) attribute in ASFF includes the following fields:
@@ -173 +173 @@ When Security Hub runs security checks and generates control findings, the [Prod
-Describes why Security Hub has archived existing findings.
+Describes why Security Hub CSPM has archived existing findings.
@@ -175 +175 @@ Describes why Security Hub has archived existing findings.
-For example, Security Hub archives existing findings when you disable a control or standard and when you turn consolidated control findings on or off.
+For example, Security Hub CSPM archives existing findings when you disable a control or standard and when you turn consolidated control findings on or off.
@@ -180 +180 @@ For example, Security Hub archives existing findings when you disable a control
-Provides the reason why Security Hub has archived existing findings.
+Provides the reason why Security Hub CSPM has archived existing findings.
@@ -182 +182 @@ Provides the reason why Security Hub has archived existing findings.
-For example, Security Hub archives existing findings when you disable a control or standard and when you turn consolidated control findings on or off.
+For example, Security Hub CSPM archives existing findings when you disable a control or standard and when you turn consolidated control findings on or off.
@@ -240 +240 @@ The ARN of the control. This field is removed if you enable consolidated control
-For control-based findings, the product name is Security Hub.
+For control-based findings, the product name is Security Hub CSPM.
@@ -259 +259 @@ The identifier of the finding. This field doesn't reference a standard if you en
-The severity assigned to a Security Hub control identifies the importance of the control. The severity of a control determines the severity label assigned to the control findings.
+The severity assigned to a Security Hub CSPM control identifies the importance of the control. The severity of a control determines the severity label assigned to the control findings.
@@ -318 +318 @@ For example, if a default VPC security group is open to inbound and outbound tra
-Security Hub recommends that you treat a high severity finding as a near-term priority. You should take immediate remediation steps. You also should consider the criticality of the resource.
+Security Hub CSPM recommends that you treat a high severity finding as a near-term priority. You should take immediate remediation steps. You also should consider the criticality of the resource.
@@ -325 +325 @@ For example, lack of encryption for data in transit is considered a medium sever
-Security Hub recommends that you investigate the implicated resource at your earliest convenience. You also should consider the criticality of the resource.
+Security Hub CSPM recommends that you investigate the implicated resource at your earliest convenience. You also should consider the criticality of the resource.