AWS securityhub documentation change
Summary
Updated references from 'Security Hub' to 'Security Hub CSPM' throughout the document, added CSPM branding to NIST standard implementation details
Security assessment
The changes emphasize Cloud Security Posture Management (CSPM) capabilities but do not address specific vulnerabilities. Updates clarify Security Hub's CSPM role in implementing NIST controls, which is a security feature documentation enhancement.
Diff
diff --git a/securityhub/latest/userguide/standards-reference-nist-800-171.md b/securityhub/latest/userguide/standards-reference-nist-800-171.md index 7504d612c..3ae58c399 100644 --- a//securityhub/latest/userguide/standards-reference-nist-800-171.md +++ b//securityhub/latest/userguide/standards-reference-nist-800-171.md @@ -3 +3 @@ -[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[User Guide](what-is-securityhub.html) +[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[ User Guide ](what-is-security-hub-adv.html) @@ -7 +7 @@ Configuring resource recording for the standardDetermining which controls apply -# NIST SP 800-171 Revision 2 in Security Hub +# NIST SP 800-171 Revision 2 in Security Hub CSPM @@ -24 +24 @@ The requirements apply to all components of non-federal systems and organization -AWS Security Hub provides security controls that support a subset of NIST SP 800-171 Revision 2 requirements. The controls perform automated security checks for certain AWS services and resources. To enable and manage these controls, you can enable the NIST SP 800-171 Revision 2 framework as a standard in Security Hub. Note that the controls don't support NIST SP 800-171 Revision 2 requirements that require manual checks. +AWS Security Hub Cloud Security Posture Management (CSPM) provides security controls that support a subset of NIST SP 800-171 Revision 2 requirements. The controls perform automated security checks for certain AWS services and resources. To enable and manage these controls, you can enable the NIST SP 800-171 Revision 2 framework as a standard in Security Hub CSPM. Note that the controls don't support NIST SP 800-171 Revision 2 requirements that require manual checks. @@ -37 +37 @@ AWS Security Hub provides security controls that support a subset of NIST SP 800 -To optimize coverage and the accuracy of findings, it's important to enable and configure resource recording in AWS Config before you enable the NIST SP 800-171 Revision 2 standard in AWS Security Hub. When you configure resource recording, also be sure to enable it for all the types of AWS resources that are checked by controls that apply to the standard. Otherwise, Security Hub might not be able to evaluate the appropriate resources, and generate accurate findings for controls that apply to the standard. +To optimize coverage and the accuracy of findings, it's important to enable and configure resource recording in AWS Config before you enable the NIST SP 800-171 Revision 2 standard in AWS Security Hub Cloud Security Posture Management (CSPM). When you configure resource recording, also be sure to enable it for all the types of AWS resources that are checked by controls that apply to the standard. Otherwise, Security Hub CSPM might not be able to evaluate the appropriate resources, and generate accurate findings for controls that apply to the standard. @@ -39 +39 @@ To optimize coverage and the accuracy of findings, it's important to enable and -For information about how Security Hub uses resource recording in AWS Config, see [Enabling and configuring AWS Config for Security Hub](./securityhub-setup-prereqs.html). For information about configuring resource recording in AWS Config, see [Working with the configuration recorder](https://docs.aws.amazon.com/config/latest/developerguide/stop-start-recorder.html) in the _AWS Config Developer Guide_. +For information about how Security Hub CSPM uses resource recording in AWS Config, see [Enabling and configuring AWS Config for Security Hub CSPM](./securityhub-setup-prereqs.html). For information about configuring resource recording in AWS Config, see [Working with the configuration recorder](https://docs.aws.amazon.com/config/latest/developerguide/stop-start-recorder.html) in the _AWS Config Developer Guide_. @@ -41 +41 @@ For information about how Security Hub uses resource recording in AWS Config, se -The following table specifies the types of resources to record for controls that apply to the NIST SP 800-171 Revision 2 standard in Security Hub. +The following table specifies the types of resources to record for controls that apply to the NIST SP 800-171 Revision 2 standard in Security Hub CSPM. @@ -61 +61 @@ AWS WAF | `AWS::WAFv2::RuleGroup` -The following list specifies the controls that support NIST SP 800-171 Revision 2 requirements and apply to the NIST SP 800-171 Revision 2 standard in AWS Security Hub. For details about specific requirements that a control supports, choose the control. Then refer to the **Related requirements** field in the details for the control. This field specifies each NIST requirement that the control supports. If the field doesn't specify a particular NIST requirement, the control doesn't support the requirement. +The following list specifies the controls that support NIST SP 800-171 Revision 2 requirements and apply to the NIST SP 800-171 Revision 2 standard in AWS Security Hub Cloud Security Posture Management (CSPM). For details about specific requirements that a control supports, choose the control. Then refer to the **Related requirements** field in the details for the control. This field specifies each NIST requirement that the control supports. If the field doesn't specify a particular NIST requirement, the control doesn't support the requirement.