AWS securityhub documentation change
Summary
Updated references from 'Security Hub' to 'Security Hub CSPM' (Cloud Security Posture Management) throughout the document, including console/API/CLI references and policy configuration details. Added CSPM branding and updated links/headings.
Security assessment
The changes emphasize Cloud Security Posture Management (CSPM) features but do not address a specific security vulnerability. This appears to be documentation rebranding/clarification rather than a response to a security issue. However, explicitly documenting CSPM capabilities qualifies as adding security feature documentation.
Diff
diff --git a/securityhub/latest/userguide/create-associate-policy.md b/securityhub/latest/userguide/create-associate-policy.md index d3390906d..76801461f 100644 --- a//securityhub/latest/userguide/create-associate-policy.md +++ b//securityhub/latest/userguide/create-associate-policy.md @@ -3 +3 @@ -[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[User Guide](what-is-securityhub.html) +[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[ User Guide ](what-is-security-hub-adv.html) @@ -7 +7 @@ -The delegated AWS Security Hub administrator account can create configuration policies that specify how Security Hub, standards, and controls are configured in specified accounts and organizational units (OUs). A configuration policy takes effect only after the delegated administrator associates it with at least one account or organizational unit (OUs), or the root. The delegated administrator can also associate a self-managed configuration with accounts, OUs, or the root. +The delegated AWS Security Hub Cloud Security Posture Management (CSPM) administrator account can create configuration policies that specify how Security Hub CSPM, standards, and controls are configured in specified accounts and organizational units (OUs). A configuration policy takes effect only after the delegated administrator associates it with at least one account or organizational unit (OUs), or the root. The delegated administrator can also associate a self-managed configuration with accounts, OUs, or the root. @@ -9 +9 @@ The delegated AWS Security Hub administrator account can create configuration po -If this is your first time creating a configuration policy, we recommend first reviewing [How configuration policies work in Security Hub](./configuration-policies-overview.html). +If this is your first time creating a configuration policy, we recommend first reviewing [How configuration policies work in Security Hub CSPM](./configuration-policies-overview.html). @@ -11 +11 @@ If this is your first time creating a configuration policy, we recommend first r -Choose your preferred access method, and follow the steps to create and associate a configuration policy or self-managed configuration. When using the Security Hub console, you can associate a configuration with multiple accounts or OUs at the same time. When using the Security Hub API or AWS CLI, you can associate a configuration with only one account or OU in each request. +Choose your preferred access method, and follow the steps to create and associate a configuration policy or self-managed configuration. When using the Security Hub CSPM console, you can associate a configuration with multiple accounts or OUs at the same time. When using the Security Hub CSPM API or AWS CLI, you can associate a configuration with only one account or OU in each request. @@ -15 +15 @@ Choose your preferred access method, and follow the steps to create and associat -If you use central configuration, Security Hub automatically disables controls that involve global resources in all Regions except the home Region. Other controls that you choose to enable though a configuration policy are enabled in all Regions where they are available. To limit findings for these controls to just one Region, you can update your AWS Config recorder settings and turn off global resource recording in all Regions except the home Region. +If you use central configuration, Security Hub CSPM automatically disables controls that involve global resources in all Regions except the home Region. Other controls that you choose to enable though a configuration policy are enabled in all Regions where they are available. To limit findings for these controls to just one Region, you can update your AWS Config recorder settings and turn off global resource recording in all Regions except the home Region. @@ -17 +17 @@ If you use central configuration, Security Hub automatically disables controls t -If an enabled control that involves global resources isn't supported in the home Region, Security Hub tries to enable the control in one linked Region where the control is supported. With central configuration, you lack coverage for a control that isn't available in the home Region or any of the linked Regions. +If an enabled control that involves global resources isn't supported in the home Region, Security Hub CSPM tries to enable the control in one linked Region where the control is supported. With central configuration, you lack coverage for a control that isn't available in the home Region or any of the linked Regions. @@ -21 +21 @@ For a list of controls that involve global resources, see [Controls that use glo -Security Hub console +Security Hub CSPM console @@ -26 +26 @@ Security Hub console - 1. Open the AWS Security Hub console at [https://console.aws.amazon.com/securityhub/](https://console.aws.amazon.com/securityhub/). + 1. Open the AWS Security Hub Cloud Security Posture Management (CSPM) console at [https://console.aws.amazon.com/securityhub/](https://console.aws.amazon.com/securityhub/). @@ -28 +28 @@ Security Hub console -Sign in using the credentials of the delegated Security Hub administrator account in the home Region. +Sign in using the credentials of the delegated Security Hub CSPM administrator account in the home Region. @@ -34 +34 @@ Sign in using the credentials of the delegated Security Hub administrator accoun - * Choose **Use the AWS recommended Security Hub configuration across my entire organization** to use our recommended policy. The recommended policy enables Security Hub in all organization accounts, enables the AWS Foundational Security Best Practices (FSBP) standard, and enables all new and existing FSBP controls. The controls use default parameter values. + * Choose **Use the AWS recommended Security Hub CSPM configuration across my entire organization** to use our recommended policy. The recommended policy enables Security Hub CSPM in all organization accounts, enables the AWS Foundational Security Best Practices (FSBP) standard, and enables all new and existing FSBP controls. The controls use default parameter values. @@ -38 +38 @@ Sign in using the credentials of the delegated Security Hub administrator accoun - * Choose **Custom policy** to create a custom configuration policy. Specify whether to enable or disable Security Hub, which standards to enable, and which controls to enable across those standards. Optionally, specify [custom parameter values](./custom-control-parameters.html) for one or more enabled controls that support custom parameters. + * Choose **Custom policy** to create a custom configuration policy. Specify whether to enable or disable Security Hub CSPM, which standards to enable, and which controls to enable across those standards. Optionally, specify [custom parameter values](./custom-control-parameters.html) for one or more enabled controls that support custom parameters. @@ -55 +55 @@ Sign in using the credentials of the delegated Security Hub administrator accoun -Security Hub API +Security Hub CSPM API @@ -60 +60 @@ Security Hub API - 1. Invoke the [CreateConfigurationPolicy](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_CreateConfigurationPolicy.html) API from the Security Hub delegated administrator account in the home Region. + 1. Invoke the [CreateConfigurationPolicy](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_CreateConfigurationPolicy.html) API from the Security Hub CSPM delegated administrator account in the home Region. @@ -64 +64 @@ Security Hub API - 3. For the `ServiceEnabled` field, specify if you want Security Hub to be enabled or disabled in this configuration policy. + 3. For the `ServiceEnabled` field, specify if you want Security Hub CSPM to be enabled or disabled in this configuration policy. @@ -66 +66 @@ Security Hub API - 4. For the `EnabledStandardIdentifiers` field, specify which Security Hub standards you want to enable in this configuration policy. + 4. For the `EnabledStandardIdentifiers` field, specify which Security Hub CSPM standards you want to enable in this configuration policy. @@ -70 +70 @@ Security Hub API - 6. Optionally, for the `SecurityControlCustomParameters` field, specify enabled controls for which you want to customize parameters. Provide `CUSTOM` for the `ValueType` field and the custom parameter value for the `Value` field. The value must be the correct data type and within valid ranges specified by Security Hub. Only select controls support custom parameter values. For more information, see [Understanding control parameters in Security Hub](./custom-control-parameters.html). + 6. Optionally, for the `SecurityControlCustomParameters` field, specify enabled controls for which you want to customize parameters. Provide `CUSTOM` for the `ValueType` field and the custom parameter value for the `Value` field. The value must be the correct data type and within valid ranges specified by Security Hub CSPM. Only select controls support custom parameter values. For more information, see [Understanding control parameters in Security Hub CSPM](./custom-control-parameters.html). @@ -72 +72 @@ Security Hub API - 7. To apply your configuration policy to accounts or OUs, invoke the [StartConfigurationPolicyAssociation](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_StartConfigurationPolicyAssociation.html) API from the Security Hub delegated administrator account in the home Region. + 7. To apply your configuration policy to accounts or OUs, invoke the [StartConfigurationPolicyAssociation](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_StartConfigurationPolicyAssociation.html) API from the Security Hub CSPM delegated administrator account in the home Region. @@ -131 +131 @@ AWS CLI - 1. Run the [create-configuration-policy](https://docs.aws.amazon.com/cli/latest/reference/securityhub/create-configuration-policy.html) command from the Security Hub delegated administrator account in the home Region. + 1. Run the [create-configuration-policy](https://docs.aws.amazon.com/cli/latest/reference/securityhub/create-configuration-policy.html) command from the Security Hub CSPM delegated administrator account in the home Region. @@ -135 +135 @@ AWS CLI - 3. For the `ServiceEnabled` field, specify if you want Security Hub to be enabled or disabled in this configuration policy. + 3. For the `ServiceEnabled` field, specify if you want Security Hub CSPM to be enabled or disabled in this configuration policy. @@ -137 +137 @@ AWS CLI - 4. For the `EnabledStandardIdentifiers` field, specify which Security Hub standards you want to enable in this configuration policy. + 4. For the `EnabledStandardIdentifiers` field, specify which Security Hub CSPM standards you want to enable in this configuration policy. @@ -141 +141 @@ AWS CLI - 6. Optionally, for the `SecurityControlCustomParameters` field, specify enabled controls for which you want to customize parameters. Provide `CUSTOM` for the `ValueType` field and the custom parameter value for the `Value` field. The value must be the correct data type and within valid ranges specified by Security Hub. Only select controls support custom parameter values. For more information, see [Understanding control parameters in Security Hub](./custom-control-parameters.html). + 6. Optionally, for the `SecurityControlCustomParameters` field, specify enabled controls for which you want to customize parameters. Provide `CUSTOM` for the `ValueType` field and the custom parameter value for the `Value` field. The value must be the correct data type and within valid ranges specified by Security Hub CSPM. Only select controls support custom parameter values. For more information, see [Understanding control parameters in Security Hub CSPM](./custom-control-parameters.html). @@ -143 +143 @@ AWS CLI - 7. To apply your configuration policy to accounts or OUs, run the [start-configuration-policy-association](https://docs.aws.amazon.com/cli/latest/reference/securityhub/start-configuration-policy-association.html) command from the Security Hub delegated administrator account in the home Region. + 7. To apply your configuration policy to accounts or OUs, run the [start-configuration-policy-association](https://docs.aws.amazon.com/cli/latest/reference/securityhub/start-configuration-policy-association.html) command from the Security Hub CSPM delegated administrator account in the home Region. @@ -179 +179 @@ How configuration policies work -Reviewing policy status and details +Reviewing the status and details of configuration policies