AWS Security ChangesHomeSearch

AWS securityhub documentation change

Service: securityhub · 2025-06-19 · Documentation low

File: securityhub/latest/userguide/controls-view-manage.md

Summary

Updated documentation to reflect rebranding from 'Security Hub' to 'Security Hub CSPM' (Cloud Security Posture Management) throughout the document, including console references, control descriptions, and API operations.

Security assessment

The changes emphasize CSPM (Cloud Security Posture Management), which is a security-focused feature. While this clarifies the product's security capabilities, there is no evidence of addressing a specific vulnerability or security incident. The updates primarily rebrand existing functionality under the CSPM context.

Diff

diff --git a/securityhub/latest/userguide/controls-view-manage.md b/securityhub/latest/userguide/controls-view-manage.md
index fa211e095..fe44fe3d6 100644
--- a//securityhub/latest/userguide/controls-view-manage.md
+++ b//securityhub/latest/userguide/controls-view-manage.md
@@ -3 +3 @@
-[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[User Guide](what-is-securityhub.html)
+[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[ User Guide ](what-is-security-hub-adv.html)
@@ -7 +7 @@ Consolidated controls viewSummary security score for controls
-# Understanding security controls in Security Hub
+# Understanding security controls in Security Hub CSPM
@@ -9 +9 @@ Consolidated controls viewSummary security score for controls
-A security control is a safeguard within a security standard that helps an organization protect the confidentiality, integrity, and availability of its information. In Security Hub, a control is related to a specific AWS resource.
+In AWS Security Hub Cloud Security Posture Management (CSPM), a _security control_ , also referred to as a _control_ , is a safeguard within a security standard that helps an organization protect the confidentiality, integrity, and availability of its information. In Security Hub CSPM, a control is related to a specific AWS resource.
@@ -11 +11 @@ A security control is a safeguard within a security standard that helps an organ
-When you enable a control in one or more standards, Security Hub begins running security checks on it. The security checks result in Security Hub findings. When you disable a control, Security Hub stops running security checks on it, and findings are no longer generated.
+When you enable a control in one or more standards, Security Hub CSPM begins running security checks on it. The security checks result in Security Hub CSPM findings. When you disable a control, Security Hub CSPM stops running security checks on it, and findings are no longer generated.
@@ -13 +13 @@ When you enable a control in one or more standards, Security Hub begins running
-You can enable or disable controls individually for a single account and AWS Region. To save time and reduce configuration drift in multi-account environments, we recommend using [central configuration](./central-configuration-intro.html) to enable or disable controls. With central configuration, the delegated Security Hub administrator can create policies that specify how a control should be configured across multiple accounts and Regions. For more information about enabling and disabling controls, see [Enabling controls in Security Hub](./securityhub-standards-enable-disable-controls.html).
+You can enable or disable controls individually for a single account and AWS Region. To save time and reduce configuration drift in multi-account environments, we recommend using [central configuration](./central-configuration-intro.html) to enable or disable controls. With central configuration, the delegated Security Hub CSPM administrator can create policies that specify how a control should be configured across multiple accounts and Regions. For more information about enabling and disabling controls, see [Enabling controls in Security Hub CSPM](./securityhub-standards-enable-disable-controls.html).
@@ -17 +17 @@ You can enable or disable controls individually for a single account and AWS Reg
-The **Controls** page of the Security Hub console displays all of the controls available in the current AWS Region (you can view controls in the context of a standard by visiting the **Security standards** page and choosing an enabled standard). Security Hub assigns controls a consistent security control ID, title, and description across standards. Controls IDs include the relevant AWS service and a unique number (for example, CodeBuild.3).
+The **Controls** page of the Security Hub CSPM console displays all of the controls available in the current AWS Region (you can view controls in the context of a standard by visiting the **Security standards** page and choosing an enabled standard). Security Hub CSPM assigns controls a consistent security control ID, title, and description across standards. Controls IDs include the relevant AWS service and a unique number (for example, CodeBuild.3).
@@ -19 +19 @@ The **Controls** page of the Security Hub console displays all of the controls a
-The following information is available on the **Controls** page of the [Security Hub console](https://console.aws.amazon.com/securityhub/):
+The following information is available on the **Controls** page of the [Security Hub CSPM console](https://console.aws.amazon.com/securityhub/):
@@ -23 +23 @@ The following information is available on the **Controls** page of the [Security
-  * Breakdown of control statuses across all supported Security Hub controls
+  * Breakdown of control statuses across all supported Security Hub CSPM controls
@@ -29 +29 @@ The following information is available on the **Controls** page of the [Security
-  * A list of Security Hub controls, with filters to view specific subsets of controls.
+  * A list of Security Hub CSPM controls, with filters to view specific subsets of controls.
@@ -34 +34 @@ The following information is available on the **Controls** page of the [Security
-From the **Controls** page, you can choose a control to view its details and take action on the findings generated by the control. From this page, you can also enable or disable a security control in your current AWS account and AWS Region. Enablement and disablement actions from the **Controls** page apply across standards. For more information, see [Enabling controls in Security Hub](./securityhub-standards-enable-disable-controls.html).
+From the **Controls** page, you can choose a control to view its details and take action on the findings generated by the control. From this page, you can also enable or disable a security control in your current AWS account and AWS Region. Enablement and disablement actions from the **Controls** page apply across standards. For more information, see [Enabling controls in Security Hub CSPM](./securityhub-standards-enable-disable-controls.html).
@@ -46 +46 @@ The **Controls** page displays a summary security score from 0–100 percent. Th
-To view the overall security score for controls, you must add permission to call **`BatchGetControlEvaluations`** to the IAM role that you use to access Security Hub. This permission isn't required to view security scores for specific standards. 
+To view the overall security score for controls, you must add permission to call **`BatchGetControlEvaluations`** to the IAM role that you use to access Security Hub CSPM. This permission isn't required to view security scores for specific standards. 
@@ -48 +48 @@ To view the overall security score for controls, you must add permission to call
-When you enable Security Hub, Security Hub calculates the initial security score within 30 minutes after your first visit to the **Summary** page or **Security standards** page on the Security Hub console. It can take up to 24 hours for first-time security scores to be generated in the China Regions and AWS GovCloud (US) Regions.
+When you enable Security Hub CSPM, Security Hub CSPM calculates the initial security score within 30 minutes after your first visit to the **Summary** page or **Security standards** page on the Security Hub CSPM console. It can take up to 24 hours for first-time security scores to be generated in the China Regions and AWS GovCloud (US) Regions.
@@ -50 +50 @@ When you enable Security Hub, Security Hub calculates the initial security score
-In addition to the overall security score, Security Hub calculates a standard security score for each enabled standard within 30 minutes after your first visit to the **Summary** page or **Security standards** page. To view a list of standards that are currently enabled, use the [`GetEnabledStandards`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetEnabledStandards.html) API operation.
+In addition to the overall security score, Security Hub CSPM calculates a standard security score for each enabled standard within 30 minutes after your first visit to the **Summary** page or **Security standards** page. To view a list of standards that are currently enabled, use the [`GetEnabledStandards`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetEnabledStandards.html) API operation.
@@ -52 +52 @@ In addition to the overall security score, Security Hub calculates a standard se
-AWS Config must be enabled with resource recording for scores to appear. For information about how Security Hub calculates security scores, see [Calculating security scores](./standards-security-score.html).
+AWS Config must be enabled with resource recording for scores to appear. For information about how Security Hub CSPM calculates security scores, see [Calculating security scores](./standards-security-score.html).
@@ -54 +54 @@ AWS Config must be enabled with resource recording for scores to appear. For inf
-After first-time score generation, Security Hub updates security scores every 24 hours. Security Hub displays a timestamp to indicate when a security score was last updated.
+After first-time score generation, Security Hub CSPM updates security scores every 24 hours. Security Hub CSPM displays a timestamp to indicate when a security score was last updated.