AWS Security ChangesHomeSearch

AWS securityhub documentation change

Service: securityhub · 2025-06-19 · Documentation low

File: securityhub/latest/userguide/securityhub-data-retention.md

Summary

Updated documentation to consistently reference 'Security Hub CSPM' instead of generic 'Security Hub', clarified Cloud Security Posture Management (CSPM) context throughout the data retention documentation

Security assessment

The changes focus on clarifying CSPM-specific data retention policies and account management processes. While CSPM is a security feature, there's no evidence this change addresses a specific vulnerability or security incident. The modifications appear to be documentation refinement rather than security remediation.

Diff

diff --git a/securityhub/latest/userguide/securityhub-data-retention.md b/securityhub/latest/userguide/securityhub-data-retention.md
index fef6ad58e..d48d98f99 100644
--- a//securityhub/latest/userguide/securityhub-data-retention.md
+++ b//securityhub/latest/userguide/securityhub-data-retention.md
@@ -3 +3 @@
-[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[User Guide](what-is-securityhub.html)
+[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[ User Guide ](what-is-security-hub-adv.html)
@@ -5 +5 @@
-Security Hub disabledMember account disassociated from administrator accountMember account is removed from an organizationAccount is suspendedAccount is closed
+Security Hub CSPM disabledMember account disassociated from administrator accountMember account is removed from an organizationAccount is suspendedAccount is closed
@@ -7 +7 @@ Security Hub disabledMember account disassociated from administrator accountMemb
-# Effect of account actions on Security Hub data
+# Effect of account actions on Security Hub CSPM data
@@ -9 +9 @@ Security Hub disabledMember account disassociated from administrator accountMemb
-These account actions have the following effects on AWS Security Hub data.
+These account actions have the following effects on AWS Security Hub Cloud Security Posture Management (CSPM) data.
@@ -11 +11 @@ These account actions have the following effects on AWS Security Hub data.
-## Security Hub disabled
+## Security Hub CSPM disabled
@@ -13 +13 @@ These account actions have the following effects on AWS Security Hub data.
-If you use [central configuration](./central-configuration-intro.html), the delegated administrator (DA) can create Security Hub configuration policies that disable AWS Security Hub in specific accounts and organizational units (OUs). In this case, Security Hub is disabled in the specified accounts and OUs in your home Region and any linked Regions.
+If you use [central configuration](./central-configuration-intro.html), the delegated administrator (DA) can create Security Hub CSPM configuration policies that disable AWS Security Hub Cloud Security Posture Management (CSPM) in specific accounts and organizational units (OUs). In this case, Security Hub CSPM is disabled in the specified accounts and OUs in your home Region and any linked Regions.
@@ -15 +15 @@ If you use [central configuration](./central-configuration-intro.html), the dele
-If don't use central configuration, you must disable Security Hub separately in each account and Region where you enabled it.
+If don't use central configuration, you must disable Security Hub CSPM separately in each account and Region where you enabled it.
@@ -17 +17 @@ If don't use central configuration, you must disable Security Hub separately in
-No new findings are generated for the administrator account if Security Hub is disabled in the administrator account. You also can't use central configuration if Security Hub is disabled in the DA account. Existing findings are deleted after 90 days.
+No new findings are generated for the administrator account if Security Hub CSPM is disabled in the administrator account. You also can't use central configuration if Security Hub CSPM is disabled in the DA account. Existing findings are deleted after 90 days.
@@ -23 +23 @@ Enabled security standards and controls are disabled.
-Other Security Hub data and settings, including custom actions, insights, and subscriptions to third-party products are retained.
+Other Security Hub CSPM data and settings, including custom actions, insights, and subscriptions to third-party products are retained.
@@ -27 +27 @@ Other Security Hub data and settings, including custom actions, insights, and su
-When a member account is disassociated from the administrator account, the administrator account loses permission to view findings in the member account.However, Security Hub is still enabled in both accounts.
+When a member account is disassociated from the administrator account, the administrator account loses permission to view findings in the member account. However, Security Hub CSPM is still enabled in both accounts.
@@ -29 +29 @@ When a member account is disassociated from the administrator account, the admin
-If you use central configuration, the DA can't configure Security Hub for a member account that's disassociated from the DA account.
+If you use central configuration, the DA can't configure Security Hub CSPM for a member account that's disassociated from the DA account.
@@ -33 +33 @@ Custom settings or integrations that are defined for the administrator account a
-In the **Accounts** list for the Security Hub administrator account, a removed account has a status of **Disassociated**.
+In the **Accounts** list for the Security Hub CSPM administrator account, a removed account has a status of **Disassociated**.
@@ -37 +37 @@ In the **Accounts** list for the Security Hub administrator account, a removed a
-When a member account is removed from an organization, the Security Hub administrator account loses permission to view findings in the member account. However, Security Hub is still enabled in both accounts with the same settings they had before removal.
+When a member account is removed from an organization, the Security Hub CSPM administrator account loses permission to view findings in the member account. However, Security Hub CSPM is still enabled in both accounts with the same settings they had before removal.
@@ -39 +39 @@ When a member account is removed from an organization, the Security Hub administ
-If you use central configuration, you can't configure Security Hub for a member account after it's removed from the organization to which the delegated administrator belongs. However, the account retains the settings it had prior to removal unless you manually change them.
+If you use central configuration, you can't configure Security Hub CSPM for a member account after it's removed from the organization to which the delegated administrator belongs. However, the account retains the settings it had prior to removal unless you manually change them.
@@ -41 +41 @@ If you use central configuration, you can't configure Security Hub for a member
-In the **Accounts** list for the Security Hub administrator account, a removed account has a status of **Deleted**.
+In the **Accounts** list for the Security Hub CSPM administrator account, a removed account has a status of **Deleted**.
@@ -45 +45 @@ In the **Accounts** list for the Security Hub administrator account, a removed a
-When an account is suspended in AWS, the account loses permission to view their findings in Security Hub. No new findings are generated for that account. The administrator account for a suspended account can view the existing account findings.
+When an account is suspended in AWS, the account loses permission to view their findings in Security Hub CSPM. No new findings are generated for that account. The administrator account for a suspended account can view the existing account findings.
@@ -51 +51 @@ If you use central configuration, policy association fails if the delegated admi
-After 90 days, the account is either terminated or reactivated. When the account is reactivated, its Security Hub permissions are restored. If the member account status is **Account Suspended** , the administrator account must enable the account manually.
+After 90 days, the account is either terminated or reactivated. When the account is reactivated, its Security Hub CSPM permissions are restored. If the member account status is **Account Suspended** , the administrator account must enable the account manually.
@@ -55 +55 @@ After 90 days, the account is either terminated or reactivated. When the account
-When an AWS account is closed, Security Hub responds to the closure as follows.
+When an AWS account is closed, Security Hub CSPM responds to the closure as follows.
@@ -57 +57 @@ When an AWS account is closed, Security Hub responds to the closure as follows.
-Security Hub retains each existing finding in the account for 90 days after the most recent value of the `UpdatedAt` ASFF field. The finding is retained for 90 days after this date even if Security Hub is disabled. At the end of this 90 day period, Security Hub permanently deletes the finding from the account.
+Security Hub CSPM retains each existing finding in the account for 90 days after the most recent value of the `UpdatedAt` ASFF field. The finding is retained for 90 days after this date even if Security Hub CSPM is disabled. At the end of this 90 day period, Security Hub CSPM permanently deletes the finding from the account.
@@ -59 +59 @@ Security Hub retains each existing finding in the account for 90 days after the
-  * To retain findings for more than 90 days, you can use a custom action with an Amazon EventBridge rule to store the findings in an Amazon S3 bucket. Then, when you reopen the closed account, Security Hub restores the findings for the account.
+  * To retain findings for more than 90 days, you can use a custom action with an Amazon EventBridge rule to store the findings in an Amazon S3 bucket. Then, when you reopen the closed account, Security Hub CSPM restores the findings for the account.
@@ -61 +61 @@ Security Hub retains each existing finding in the account for 90 days after the
-  * If the account is a Security Hub administrator account, it is removed as an administrator and all the member accounts are removed. If the account is a member account, it is disassociated and removed as a member from the Security Hub administrator account.
+  * If the account is a Security Hub CSPM administrator account, it is removed as an administrator and all the member accounts are removed. If the account is a member account, it is disassociated and removed as a member from the Security Hub CSPM administrator account.
@@ -85 +85 @@ Allowed actions by administrator and member accounts
-Cross-Region aggregation
+Aggregating CSPM data across Regions