AWS securityhub documentation change
Summary
Updated documentation to specifically reference Security Hub Cloud Security Posture Management (CSPM) instead of generic Security Hub, including changes to console/API references, administrator roles, and operational procedures.
Security assessment
The changes primarily rebrand generic 'Security Hub' references to 'Security Hub CSPM', clarifying the focus on cloud security posture management. While CSPM is a security feature, these updates are documentation refinements rather than addressing a specific security vulnerability or adding new security guidance. No evidence of a patched vulnerability or incident response.
Diff
diff --git a/securityhub/latest/userguide/securityhub-disable.md b/securityhub/latest/userguide/securityhub-disable.md index 2ddcec472..b3cc24a3d 100644 --- a//securityhub/latest/userguide/securityhub-disable.md +++ b//securityhub/latest/userguide/securityhub-disable.md @@ -3 +3 @@ -[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[User Guide](what-is-securityhub.html) +[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[ User Guide ](what-is-security-hub-adv.html) @@ -5 +5 @@ -# Disabling Security Hub +# Disabling Security Hub CSPM @@ -7 +7 @@ -You can disable AWS Security Hub by using the Security Hub console or the Security Hub API. If you disable Security Hub, you can enable it again later. +You can disable AWS Security Hub Cloud Security Posture Management (CSPM) by using the Security Hub CSPM console or the Security Hub CSPM API. If you disable Security Hub CSPM, you can enable it again later. @@ -9 +9 @@ You can disable AWS Security Hub by using the Security Hub console or the Securi -If your organization uses central configuration, the delegated AWS Security Hub administrator can create configuration policies that disable Security Hub for specific accounts and organizational units (OUs), and keep Security Hub enabled for others. Configuration policies affect the home Region and all linked Regions. For more information, see [Understanding central configuration in Security Hub](./central-configuration-intro.html). +If your organization uses central configuration, the delegated AWS Security Hub Cloud Security Posture Management (CSPM) administrator can create configuration policies that disable Security Hub CSPM for specific accounts and organizational units (OUs), and keep Security Hub CSPM enabled for others. Configuration policies affect the home Region and all linked Regions. For more information, see [Understanding central configuration in Security Hub CSPM](./central-configuration-intro.html). @@ -11 +11 @@ If your organization uses central configuration, the delegated AWS Security Hub -If you disable Security Hub for an account, the following occurs: +If you disable Security Hub CSPM for an account, the following occurs: @@ -15 +15 @@ If you disable Security Hub for an account, the following occurs: - * Security Hub stops generating and ingesting new findings for the account. + * Security Hub CSPM stops generating and ingesting new findings for the account. @@ -17 +17 @@ If you disable Security Hub for an account, the following occurs: - * After 90 days, Security Hub permanently deletes all existing findings for the account. The findings cannot be recovered by using Security Hub. + * After 90 days, Security Hub CSPM permanently deletes all existing findings for the account. The findings cannot be recovered by using Security Hub CSPM. @@ -19 +19 @@ If you disable Security Hub for an account, the following occurs: - * After 90 days, Security Hub permanently deletes existing insights and Security Hub configuration settings for the account. The data and settings cannot be recovered. + * After 90 days, Security Hub CSPM permanently deletes existing insights and Security Hub CSPM configuration settings for the account. The data and settings cannot be recovered. @@ -24 +24 @@ If you disable Security Hub for an account, the following occurs: -To retain existing findings for more than 90 days, you can use a custom action with an Amazon EventBridge rule to export the findings to an S3 bucket before you disable Security Hub. For more information, see [Using EventBridge for automated response and remediation](./securityhub-cloudwatch-events.html). +To retain existing findings for more than 90 days, you can use a custom action with an Amazon EventBridge rule to export the findings to an S3 bucket before you disable Security Hub CSPM. For more information, see [Using EventBridge for automated response and remediation](./securityhub-cloudwatch-events.html). @@ -26 +26 @@ To retain existing findings for more than 90 days, you can use a custom action w -If you re-enable Security Hub within 90 days of disabling it for an account, you regain access to existing findings, insights, and Security Hub configuration settings for the account. However, existing findings might be inaccurate because they will reflect the state of your AWS environment when you disabled Security Hub. In addition, as you re-enable individual standards and controls, Security Hub might initially generate duplicate findings for specific AWS resources, depending on the standards and controls that you enable. For these reasons, we recommend that you do one of the following: +If you re-enable Security Hub CSPM within 90 days of disabling it for an account, you regain access to existing findings, insights, and Security Hub CSPM configuration settings for the account. However, existing findings might be inaccurate because they will reflect the state of your AWS environment when you disabled Security Hub CSPM. In addition, as you re-enable individual standards and controls, Security Hub CSPM might initially generate duplicate findings for specific AWS resources, depending on the standards and controls that you enable. For these reasons, we recommend that you do one of the following: @@ -28 +28 @@ If you re-enable Security Hub within 90 days of disabling it for an account, you - * Change the workflow status of all existing findings to `RESOLVED` before you disable Security Hub. For more information, see [Setting the workflow status of findings](./findings-workflow-status.html). + * Change the workflow status of all existing findings to `RESOLVED` before you disable Security Hub CSPM. For more information, see [](./findings-workflow-status.html). @@ -30 +30 @@ If you re-enable Security Hub within 90 days of disabling it for an account, you - * Disable all standards at least six days before you disable Security Hub. Security Hub then archives all existing findings on a best-effort basis, typically within three to five days. For more information, see [Disabling a standard](./disable-standards.html). + * Disable all standards at least six days before you disable Security Hub CSPM. Security Hub CSPM then archives all existing findings on a best-effort basis, typically within three to five days. For more information, see [Disabling a standard](./disable-standards.html). @@ -35 +35 @@ If you re-enable Security Hub within 90 days of disabling it for an account, you -You can't disable Security Hub in the following cases: +You can't disable Security Hub CSPM in the following cases: @@ -37 +37 @@ You can't disable Security Hub in the following cases: - * Your account is the delegated Security Hub administrator account for an organization. If you use central configuration, you can't associate a configuration policy that disables Security Hub for the delegated administrator account. The association can succeed for other accounts, but Security Hub doesn't apply such a policy to the delegated administrator account. + * Your account is the delegated Security Hub CSPM administrator account for an organization. If you use central configuration, you can't associate a configuration policy that disables Security Hub CSPM for the delegated administrator account. The association can succeed for other accounts, but Security Hub CSPM doesn't apply such a policy to the delegated administrator account. @@ -39 +39 @@ You can't disable Security Hub in the following cases: - * Your account is a Security Hub administrator account by invitation, and you have member accounts. Before you can disable Security Hub, you must disassociate all of your member accounts. To learn how, see [Disassociating member accounts in Security Hub](./securityhub-disassociate-members.html). + * Your account is a Security Hub CSPM administrator account by invitation, and you have member accounts. Before you can disable Security Hub CSPM, you must disassociate all of your member accounts. To learn how, see [Disassociating member accounts in Security Hub CSPM](./securityhub-disassociate-members.html). @@ -44 +44 @@ You can't disable Security Hub in the following cases: -Before the owner of a member account can disable Security Hub, the account must be disassociated from its administrator account. For an organization account, only the administrator account can disassociate member accounts. For more information, see [Disassociating Security Hub member accounts from your organization](./accounts-orgs-disassociate.html). For manually invited accounts, either the administrator account or the member account can disassociate the member account. For more information, see [Disassociating member accounts in Security Hub](./securityhub-disassociate-members.html) or [Disassociating from a Security Hub administrator account](./securityhub-disassociate-from-admin.html). Disassociation isn't required if you use central configuration because the Security Hub administrator can create a policy that disables Security Hub for specific member accounts. +Before the owner of a member account can disable Security Hub CSPM, the account must be disassociated from its administrator account. For an organization account, only the administrator account can disassociate member accounts. For more information, see [Disassociating Security Hub CSPM member accounts from your organization](./accounts-orgs-disassociate.html). For manually invited accounts, either the administrator account or the member account can disassociate the member account. For more information, see [Disassociating member accounts in Security Hub CSPM](./securityhub-disassociate-members.html) or [Disassociating from a Security Hub CSPM administrator account](./securityhub-disassociate-from-admin.html). Disassociation isn't required if you use central configuration because the Security Hub CSPM administrator can create a policy that disables Security Hub CSPM for specific member accounts. @@ -46 +46 @@ Before the owner of a member account can disable Security Hub, the account must -When you disable Security Hub for an account, it is disabled only in the current Region. However, if you use central configuration to disable Security Hub for specific accounts, it is disabled in the home Region and all linked Regions. +When you disable Security Hub CSPM for an account, it is disabled only in the current Region. However, if you use central configuration to disable Security Hub CSPM for specific accounts, it is disabled in the home Region and all linked Regions. @@ -48 +48 @@ When you disable Security Hub for an account, it is disabled only in the current -To disable Security Hub, choose your preferred method and follow the steps. +To disable Security Hub CSPM, choose your preferred method and follow the steps. @@ -50 +50 @@ To disable Security Hub, choose your preferred method and follow the steps. -Security Hub console +Security Hub CSPM console @@ -53 +53 @@ Security Hub console -###### To disable Security Hub +###### To disable Security Hub CSPM @@ -55 +55 @@ Security Hub console - 1. Open the AWS Security Hub console at [https://console.aws.amazon.com/securityhub/](https://console.aws.amazon.com/securityhub/). + 1. Open the AWS Security Hub Cloud Security Posture Management (CSPM) console at [https://console.aws.amazon.com/securityhub/](https://console.aws.amazon.com/securityhub/). @@ -59 +59 @@ Security Hub console - 3. In the **Disable AWS Security Hub** section, choose **Disable AWS Security Hub**. + 3. In the **Disable AWS Security Hub Cloud Security Posture Management (CSPM)** section, choose **Disable AWS Security Hub Cloud Security Posture Management (CSPM)**. @@ -61 +61 @@ Security Hub console - 4. When prompted for confirmation, choose **Disable AWS Security Hub**. + 4. When prompted for confirmation, choose **Disable AWS Security Hub Cloud Security Posture Management (CSPM)**. @@ -66 +66 @@ Security Hub console -Security Hub API +Security Hub CSPM API @@ -69 +69 @@ Security Hub API -To disable Security Hub programmatically, use the [DisableSecurityHub](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DisableSecurityHub.html) operation of the Security Hub API. Or, if you're using the AWS CLI, run the [disable-security-hub](https://docs.aws.amazon.com/cli/latest/reference/securityhub/disable-security-hub.html) command. For example, the following command disables Security Hub in the current AWS Region: +To disable Security Hub CSPM programmatically, use the [DisableSecurityHub](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DisableSecurityHub.html) operation of the Security Hub CSPM API. Or, if you're using the AWS CLI, run the [disable-security-hub](https://docs.aws.amazon.com/cli/latest/reference/securityhub/disable-security-hub.html) command. For example, the following command disables Security Hub CSPM in the current AWS Region: @@ -80 +80 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -Regional limits on Security Hub controls +Subscribing to CSPM announcements @@ -82 +82 @@ Regional limits on Security Hub controls -Controls change log +Security