AWS securityhub documentation change
Summary
Updated documentation to reflect rebranding from 'Security Hub' to 'Security Hub CSPM' (Cloud Security Posture Management) throughout the text. Changed references to console, API, and administrative functions to include CSPM terminology. Removed version number from AWS Foundational Security Best Practices standard example.
Security assessment
Changes are primarily branding/terminology updates rather than addressing security vulnerabilities. The documentation clarifies CSPM-specific behavior (e.g., AWS Config rule management by CSPM) but doesn't disclose new vulnerabilities or security fixes. The process for disabling standards remains functionally equivalent.
Diff
diff --git a/securityhub/latest/userguide/disable-standards.md b/securityhub/latest/userguide/disable-standards.md index d1de092a7..b493897fb 100644 --- a//securityhub/latest/userguide/disable-standards.md +++ b//securityhub/latest/userguide/disable-standards.md @@ -3 +3 @@ -[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[User Guide](what-is-securityhub.html) +[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[ User Guide ](what-is-security-hub-adv.html) @@ -7 +7 @@ Disabling a standard in multiple accounts and AWS RegionsDisabling a standard in -# Disabling a security standard in Security Hub +# Disabling a security standard @@ -9 +9 @@ Disabling a standard in multiple accounts and AWS RegionsDisabling a standard in -When you disable a security standard in AWS Security Hub, the following occurs: +When you disable a security standard in AWS Security Hub Cloud Security Posture Management (CSPM), the following occurs: @@ -17 +17 @@ When you disable a security standard in AWS Security Hub, the following occurs: - * AWS Config rules that Security Hub created for the disabled controls are deleted. + * AWS Config rules that Security Hub CSPM created for the disabled controls are deleted. @@ -22 +22 @@ When you disable a security standard in AWS Security Hub, the following occurs: -Deletion of the appropriate AWS Config rules typically occurs within a few minutes of disabling a standard. However, it might take longer. If the first request fails to delete the rules, Security Hub tries again every 12 hours. However, if you disabled Security Hub or don't have any other standards enabled, Security Hub can't try again, which means that it can't delete the rules. If this occurs and you need to delete the rules, contact AWS Support. +Deletion of the appropriate AWS Config rules typically occurs within a few minutes of disabling a standard. However, it might take longer. If the first request fails to delete the rules, Security Hub CSPM tries again every 12 hours. However, if you disabled Security Hub CSPM or don't have any other standards enabled, Security Hub CSPM can't try again, which means that it can't delete the rules. If this occurs and you need to delete the rules, contact AWS Support. @@ -35 +35 @@ Deletion of the appropriate AWS Config rules typically occurs within a few minut -To disable a security standard across multiple accounts and AWS Regions, use [central configuration](./central-configuration-intro.html). With central configuration, the delegated Security Hub administrator can create Security Hub configuration policies that disable one or more standards. The administrator can then associate a configuration policy with individual accounts, organizational units (OUs), or the root. A configuration policy affects the home Region, also referred to as an _aggregation Region_ , and all linked Regions. +To disable a security standard across multiple accounts and AWS Regions, use [central configuration](./central-configuration-intro.html). With central configuration, the delegated Security Hub CSPM administrator can create Security Hub CSPM configuration policies that disable one or more standards. The administrator can then associate a configuration policy with individual accounts, organizational units (OUs), or the root. A configuration policy affects the home Region, also referred to as an _aggregation Region_ , and all linked Regions. @@ -41 +41 @@ Configuration policies offer customization options. For example, you might choos -The Security Hub administrator can use configuration policies to disable any standard except the [AWS Control Tower service-managed standard](./service-managed-standard-aws-control-tower.html). To disable this standard, the administrator must use AWS Control Tower directly. They must also use AWS Control Tower to disable or enable individual controls in this standard for a centrally managed account. +The Security Hub CSPM administrator can use configuration policies to disable any standard except the [AWS Control Tower service-managed standard](./service-managed-standard-aws-control-tower.html). To disable this standard, the administrator must use AWS Control Tower directly. They must also use AWS Control Tower to disable or enable individual controls in this standard for a centrally managed account. @@ -43 +43 @@ The Security Hub administrator can use configuration policies to disable any sta -If you want some accounts to configure or disable standards for their own accounts, the Security Hub administrator can designate those accounts as _self-managed accounts_. Self-managed accounts must disable standards separately in each Region. +If you want some accounts to configure or disable standards for their own accounts, the Security Hub CSPM administrator can designate those accounts as _self-managed accounts_. Self-managed accounts must disable standards separately in each Region. @@ -47 +47 @@ If you want some accounts to configure or disable standards for their own accoun -If you don't use central configuration or you have a self-managed account, you can't use configuration policies to centrally disable security standards in multiple accounts or AWS Regions. However, you can disable a standard in a single account and Region. You can do this by using the Security Hub console or the Security Hub API. +If you don't use central configuration or you have a self-managed account, you can't use configuration policies to centrally disable security standards in multiple accounts or AWS Regions. However, you can disable a standard in a single account and Region. You can do this by using the Security Hub CSPM console or the Security Hub CSPM API. @@ -49 +49 @@ If you don't use central configuration or you have a self-managed account, you c -Security Hub console +Security Hub CSPM console @@ -52 +52 @@ Security Hub console -Follow these steps to disable a standard in one account and Region by using the Security Hub console. +Follow these steps to disable a standard in one account and Region by using the Security Hub CSPM console. @@ -56 +56 @@ Follow these steps to disable a standard in one account and Region by using the - 1. Open the AWS Security Hub console at [https://console.aws.amazon.com/securityhub/](https://console.aws.amazon.com/securityhub/). + 1. Open the AWS Security Hub Cloud Security Posture Management (CSPM) console at [https://console.aws.amazon.com/securityhub/](https://console.aws.amazon.com/securityhub/). @@ -69 +69 @@ To disable the standard in additional Regions, repeat the preceding steps in eac -Security Hub API +Security Hub CSPM API @@ -74 +74 @@ To disable a standard programmatically in a single account and Region, use the [ -In your request, use the `StandardsSubscriptionArns` parameter to specify the Amazon Resource Name (ARN) of the standard that you want to disable. If you're using the AWS CLI, use the `standards-subscription-arns` parameter to specify the ARN. Also specify the Region that your request applies to. For example, the following command disables the AWS Foundational Security Best Practices v1.0.0 (FSBP) standard for an account (`123456789012`): +In your request, use the `StandardsSubscriptionArns` parameter to specify the Amazon Resource Name (ARN) of the standard that you want to disable. If you're using the AWS CLI, use the `standards-subscription-arns` parameter to specify the ARN. Also specify the Region that your request applies to. For example, the following command disables the AWS Foundational Security Best Practices (FSBP) standard for an account (`123456789012`): @@ -85 +85 @@ To obtain the ARN for a standard, you can use the [GetEnabledStandards](https:// -After you disable a standard, Security Hub begins performing tasks to disable the standard in the account and the specified Region. This includes disabling all the controls that apply to the standard. To monitor the status of these tasks, you can [check the status of the standard](./enable-standards.html#standard-subscription-status) for the account and Region. +After you disable a standard, Security Hub CSPM begins performing tasks to disable the standard in the account and the specified Region. This includes disabling all the controls that apply to the standard. To monitor the status of these tasks, you can [check the status of the standard](./enable-standards.html#standard-subscription-status) for the account and Region. @@ -95 +95 @@ Turning off auto-enabled standards -Controls +CSPM controls