AWS securityhub documentation change
Summary
Updated references from 'Security Hub' to 'Security Hub CSPM' throughout the document, emphasizing Cloud Security Posture Management features
Security assessment
The changes introduce explicit references to Cloud Security Posture Management (CSPM), which is a security-focused capability. While this clarifies security posture management aspects, there is no evidence of addressing a specific vulnerability or security incident. The updates appear to refine branding/documentation of existing security features rather than patching issues.
Diff
diff --git a/securityhub/latest/userguide/securityhub-accounts.md b/securityhub/latest/userguide/securityhub-accounts.md index f448457df..e28331a17 100644 --- a//securityhub/latest/userguide/securityhub-accounts.md +++ b//securityhub/latest/userguide/securityhub-accounts.md @@ -3 +3 @@ -[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[User Guide](what-is-securityhub.html) +[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[ User Guide ](what-is-security-hub-adv.html) @@ -7 +7 @@ Managing accounts with AWS OrganizationsManaging accounts manually by invitation -# Managing administrator and member accounts in Security Hub +# Managing administrator and member accounts in Security Hub CSPM @@ -9 +9 @@ Managing accounts with AWS OrganizationsManaging accounts manually by invitation -If your AWS environment has multiple accounts, you can treat the accounts that use AWS Security Hub as member accounts and associate them with a single administrator account. The administrator can monitor your overall security posture and take [allowed actions](./securityhub-accounts-allowed-actions.html) on member accounts. The administrator can also perform various account management and administration tasks at scale, such as monitoring estimated usage costs and assessing account quotas. +If your AWS environment has multiple accounts, you can treat the accounts that use AWS Security Hub Cloud Security Posture Management (CSPM) as member accounts and associate them with a single administrator account. The administrator can monitor your overall security posture and take [allowed actions](./securityhub-accounts-allowed-actions.html) on member accounts. The administrator can also perform various account management and administration tasks at scale, such as monitoring estimated usage costs and assessing account quotas. @@ -11 +11 @@ If your AWS environment has multiple accounts, you can treat the accounts that u -You can associate member accounts with an administrator in two ways, by integrating Security Hub with AWS Organizations or by manually sending and accepting membership invitations in Security Hub. +You can associate member accounts with an administrator in two ways, by integrating Security Hub CSPM with AWS Organizations or by manually sending and accepting membership invitations in Security Hub CSPM. @@ -15 +15 @@ You can associate member accounts with an administrator in two ways, by integrat -AWS Organizations is a global account management service that lets AWS administrators to consolidate and manage multiple AWS accounts. It provides account management and consolidated billing features that are designed to support budgetary, security, and compliance needs. It's offered at no additional charge, and it integrates with multiple AWS services, including AWS Security Hub, Amazon Macie, and Amazon GuardDuty. For more information, see the [_AWS Organizations User Guide_](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html). +AWS Organizations is a global account management service that lets AWS administrators to consolidate and manage multiple AWS accounts. It provides account management and consolidated billing features that are designed to support budgetary, security, and compliance needs. It's offered at no additional charge, and it integrates with multiple AWS services, including AWS Security Hub Cloud Security Posture Management (CSPM), Amazon Macie, and Amazon GuardDuty. For more information, see the [_AWS Organizations User Guide_](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html). @@ -17 +17 @@ AWS Organizations is a global account management service that lets AWS administr -When you integrate Security Hub and AWS Organizations, the Organizations management account designates a Security Hub delegated administrator. Security Hub is automatically enabled in the delegated administrator account in the AWS Region in which it was designated. +When you integrate Security Hub CSPM and AWS Organizations, the Organizations management account designates a Security Hub CSPM delegated administrator. Security Hub CSPM is automatically enabled in the delegated administrator account in the AWS Region in which it was designated. @@ -19 +19 @@ When you integrate Security Hub and AWS Organizations, the Organizations managem -After designating a delegated administrator, we recommend managing accounts in Security Hub with [central configuration](./central-configuration-intro.html). This is the most efficient way to customize Security Hub and ensure adequate security coverage for your organization. +After designating a delegated administrator, we recommend managing accounts in Security Hub CSPM with [central configuration](./central-configuration-intro.html). This is the most efficient way to customize Security Hub CSPM and ensure adequate security coverage for your organization. @@ -21 +21 @@ After designating a delegated administrator, we recommend managing accounts in S -Central configuration lets the delegated administrator customize Security Hub across multiple organization accounts and Regions rather than configuring Region-by-Region. You can create a configuration policy for your entire organization, or create different configuration policies for different accounts and OUs. The policies specify whether Security Hub is enabled or disabled in associated accounts and which security standards and controls are enabled. +Central configuration lets the delegated administrator customize Security Hub CSPM across multiple organization accounts and Regions rather than configuring Region-by-Region. You can create a configuration policy for your entire organization, or create different configuration policies for different accounts and OUs. The policies specify whether Security Hub CSPM is enabled or disabled in associated accounts and which security standards and controls are enabled. @@ -25 +25 @@ The delegated administrator can designate accounts as centrally managed or self- -If you don't opt in to central configuration, the delegated administrator has a more limited ability to configure Security Hub, called _local configuration_. Under local configuration, the delegated administrator can automatically enable Security Hub and [default security standards](./securityhub-auto-enabled-standards.html) in new organization accounts in the current Region. However, existing accounts don't use these settings, so configuration drift can occur after an account joins the organization. +If you don't opt in to central configuration, the delegated administrator has a more limited ability to configure Security Hub CSPM, called _local configuration_. Under local configuration, the delegated administrator can automatically enable Security Hub CSPM and [default security standards](./securityhub-auto-enabled-standards.html) in new organization accounts in the current Region. However, existing accounts don't use these settings, so configuration drift can occur after an account joins the organization. @@ -27 +27 @@ If you don't opt in to central configuration, the delegated administrator has a -Aside from these new account settings, local configuration is account-specific and Region-specific. Each organization account must configure the Security Hub service, standards, and controls separately in each Region. Local configuration also doesn't support the use of configuration policies. +Aside from these new account settings, local configuration is account-specific and Region-specific. Each organization account must configure the Security Hub CSPM service, standards, and controls separately in each Region. Local configuration also doesn't support the use of configuration policies. @@ -31 +31 @@ Aside from these new account settings, local configuration is account-specific a -You must manually manage member accounts by invitation in Security Hub if you have a standalone account or if you don't integrate with Organizations. A standalone account can't integrate with Organizations, so it's necessary to manage it manually. We recommend integrating with AWS Organizations and using central configuration if you add additional accounts in the future. +You must manually manage member accounts by invitation in Security Hub CSPM if you have a standalone account or if you don't integrate with Organizations. A standalone account can't integrate with Organizations, so it's necessary to manage it manually. We recommend integrating with AWS Organizations and using central configuration if you add additional accounts in the future. @@ -33 +33 @@ You must manually manage member accounts by invitation in Security Hub if you ha -When you use manual account management, you designate an account to be the Security Hub administrator. The administrator account can view data in member accounts and take certain actions on member account findings. The Security Hub administrator invites other accounts to be member accounts, and the administrator-member relationship is established when a prospective member account accepts the invitation. +When you use manual account management, you designate an account to be the Security Hub CSPM administrator. The administrator account can view data in member accounts and take certain actions on member account findings. The Security Hub CSPM administrator invites other accounts to be member accounts, and the administrator-member relationship is established when a prospective member account accepts the invitation. @@ -35 +35 @@ When you use manual account management, you designate an account to be the Secur -Manual account management doesn't support the use of configuration policies. Without configuration policies, the administrator can't centrally customize Security Hub by configuring variable settings for different accounts. Instead, each organization account must enable and configure Security Hub for itself separately in each Region. This can make it more difficult and time consuming to ensure adequate security coverage across all of the accounts and Regions in which you use Security Hub. It can also cause configuration drift as member accounts can specify their own settings without input from the administrator. +Manual account management doesn't support the use of configuration policies. Without configuration policies, the administrator can't centrally customize Security Hub CSPM by configuring variable settings for different accounts. Instead, each organization account must enable and configure Security Hub CSPM for itself separately in each Region. This can make it more difficult and time consuming to ensure adequate security coverage across all of the accounts and Regions in which you use Security Hub CSPM. It can also cause configuration drift as member accounts can specify their own settings without input from the administrator. @@ -37 +37 @@ Manual account management doesn't support the use of configuration policies. Wit -To manage accounts by invitation, see [Managing accounts by invitation in Security Hub](./account-management-manual.html). +To manage accounts by invitation, see [Managing accounts by invitation in Security Hub CSPM](./account-management-manual.html).