AWS Security ChangesHomeSearch

AWS securityhub documentation change

Service: securityhub · 2025-06-19 · Documentation low

File: securityhub/latest/userguide/standards-reference.md

Summary

Updated documentation to reflect Security Hub CSPM branding, changed title to 'Standards reference for Security Hub CSPM', and replaced general Security Hub references with CSPM-specific terminology throughout

Security assessment

The changes emphasize Cloud Security Posture Management (CSPM) capabilities but do not address specific vulnerabilities. Updates focus on branding and terminology clarification rather than patching security issues. However, CSPM itself is a security feature category, making this documentation update related to security features.

Diff

diff --git a/securityhub/latest/userguide/standards-reference.md b/securityhub/latest/userguide/standards-reference.md
index 4eeb46bff..8534d7e74 100644
--- a//securityhub/latest/userguide/standards-reference.md
+++ b//securityhub/latest/userguide/standards-reference.md
@@ -3 +3 @@
-[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[User Guide](what-is-securityhub.html)
+[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[ User Guide ](what-is-security-hub-adv.html)
@@ -5 +5 @@
-# Security Hub standards reference
+# Standards reference for Security Hub CSPM
@@ -7 +7 @@
-In AWS Security Hub, a _security standard_ is a set of requirements that's based on regulatory frameworks, industry best practices, or company policies. Security Hub maps these requirements to controls, and runs security checks on the controls to assess whether the requirements of a standard are being met. Each standard includes multiple controls.
+In AWS Security Hub Cloud Security Posture Management (CSPM), a _security standard_ is a set of requirements that's based on regulatory frameworks, industry best practices, or company policies. Security Hub CSPM maps these requirements to controls, and runs security checks on the controls to assess whether the requirements of a standard are being met. Each standard includes multiple controls.
@@ -9 +9 @@ In AWS Security Hub, a _security standard_ is a set of requirements that's based
-Security Hub currently supports the following standards:
+Security Hub CSPM currently supports the following standards:
@@ -13 +13 @@ Security Hub currently supports the following standards:
-  * **AWS Resource Tagging** – Developed by Security Hub, this standard can help you determine whether your AWS resources have tags. A _tag_ is a key-value pair that acts as metadata for an AWS resource. Tags can help you identify, categorize, manage, and search for AWS resources. For example, you can use tags to categorize resources by purpose, owner, or environment.
+  * **AWS Resource Tagging** – Developed by Security Hub CSPM, this standard can help you determine whether your AWS resources have tags. A _tag_ is a key-value pair that acts as metadata for an AWS resource. Tags can help you identify, categorize, manage, and search for AWS resources. For example, you can use tags to categorize resources by purpose, owner, or environment.
@@ -23 +23 @@ Security Hub currently supports the following standards:
-  * **Service-managed standard, AWS Control Tower** – This standard helps you configure the proactive controls provided by AWS Control Tower alongside the detective controls provided by Security Hub. AWS Control Tower offers a straightforward way to set up and govern an AWS multi-account environment, following prescriptive best practices. By enabling both proactive and detective controls for your AWS environment, you can enhance your security posture at different development stages.
+  * **Service-managed standard, AWS Control Tower** – This standard helps you configure the proactive controls provided by AWS Control Tower alongside the detective controls provided by Security Hub CSPM. AWS Control Tower offers a straightforward way to set up and govern an AWS multi-account environment, following prescriptive best practices. By enabling both proactive and detective controls for your AWS environment, you can enhance your security posture at different development stages.
@@ -28 +28 @@ Security Hub currently supports the following standards:
-Security Hub standards and controls don't guarantee compliance with any regulatory frameworks or audits. Instead, they provide a way to evaluate and monitor the state of your AWS accounts and resources. We recommend enabling each standard that's relevant to your business needs, industry, or use case.
+Security Hub CSPM standards and controls don't guarantee compliance with any regulatory frameworks or audits. Instead, they provide a way to evaluate and monitor the state of your AWS accounts and resources. We recommend enabling each standard that's relevant to your business needs, industry, or use case.
@@ -30 +30 @@ Security Hub standards and controls don't guarantee compliance with any regulato
-Individual controls can apply to more than one standard. If you enable multiple standards, we recommend that you also enable consolidated control findings. If you do this, Security Hub generates a single finding for each control, even if the control applies to more than one standard. If you don't turn on consolidated control findings, Security Hub generates a separate finding for each enabled standard that a control applies to. For example, if you enable two standards and a control applies to both of them, you receive two separate findings for the control, one for each standard. If you enable consolidated control findings, you receive only one finding for the control. For more information, see [Consolidated control findings](./controls-findings-create-update.html#consolidated-control-findings).
+Individual controls can apply to more than one standard. If you enable multiple standards, we recommend that you also enable consolidated control findings. If you do this, Security Hub CSPM generates a single finding for each control, even if the control applies to more than one standard. If you don't turn on consolidated control findings, Security Hub CSPM generates a separate finding for each enabled standard that a control applies to. For example, if you enable two standards and a control applies to both of them, you receive two separate findings for the control, one for each standard. If you enable consolidated control findings, you receive only one finding for the control. For more information, see [Consolidated control findings](./controls-findings-create-update.html#consolidated-control-findings).
@@ -57 +57 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please
-Standards
+CSPM standards