AWS securityhub documentation change
Summary
Updated references from 'Security Hub' to 'Security Hub CSPM' (Cloud Security Posture Management) throughout the documentation, including console/API naming and link adjustments
Security assessment
The changes primarily involve branding updates (adding CSPM references) and documentation link corrections. While CSPM relates to security posture management, there is no evidence of addressing specific vulnerabilities or security incidents. The core security score calculation logic remains unchanged.
Diff
diff --git a/securityhub/latest/userguide/standards-security-score.md b/securityhub/latest/userguide/standards-security-score.md index ee361c14b..1b3375e43 100644 --- a//securityhub/latest/userguide/standards-security-score.md +++ b//securityhub/latest/userguide/standards-security-score.md @@ -3 +3 @@ -[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[User Guide](what-is-securityhub.html) +[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[ User Guide ](what-is-security-hub-adv.html) @@ -9 +9 @@ Method of calculating security scoresSecurity scores for administrator accountsS -On the AWS Security Hub console, the **Summary** page and the **Controls** page display a summary security score across all of your enabled standards. On the **Security standards** page, Security Hub also displays a security score from 0–100 percent for each enabled standard. +On the AWS Security Hub Cloud Security Posture Management (CSPM) console, the **Summary** page and the **Controls** page display a summary security score across all of your enabled standards. On the **Security standards** page, Security Hub CSPM also displays a security score from 0–100 percent for each enabled standard. @@ -11 +11 @@ On the AWS Security Hub console, the **Summary** page and the **Controls** page -When you first enable Security Hub, Security Hub calculates the summary security score and standard security scores within 30 minutes of your first visit to the **Summary** or **Security standards** page on the console. Scores are generated only for standards that are enabled when you visit those pages on the console. In addition, AWS Config resource recording must be configured for the scores to appear. The summary security score is the average of the standard security scores. To review a list of standards that are currently enabled, you can use the [GetEnabledStandards](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetEnabledStandards.html) operation of the Security Hub API. +When you first enable Security Hub CSPM, Security Hub CSPM calculates the summary security score and standard security scores within 30 minutes of your first visit to the **Summary** or **Security standards** page on the console. Scores are generated only for standards that are enabled when you visit those pages on the console. In addition, AWS Config resource recording must be configured for the scores to appear. The summary security score is the average of the standard security scores. To review a list of standards that are currently enabled, you can use the [GetEnabledStandards](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetEnabledStandards.html) operation of the Security Hub CSPM API. @@ -13 +13 @@ When you first enable Security Hub, Security Hub calculates the summary security -After first-time score generation, Security Hub updates security scores every 24 hours. Security Hub displays a timestamp to indicate when a security score was last updated. Note that it can take up to 24 hours for first-time security scores to be generated in the China Regions and AWS GovCloud (US) Regions. +After first-time score generation, Security Hub CSPM updates security scores every 24 hours. Security Hub CSPM displays a timestamp to indicate when a security score was last updated. Note that it can take up to 24 hours for first-time security scores to be generated in the China Regions and AWS GovCloud (US) Regions. @@ -15 +15 @@ After first-time score generation, Security Hub updates security scores every 24 -If you turn on [consolidated control findings](./controls-findings-create-update.html#consolidated-control-findings), it can take up to 24 hours for your security scores to update. In addition, enabling a new aggregation Region or updating linked Regions resets existing security scores. It can take up to 24 hours for Security Hub to generate new security scores that include data from the updated Regions. +If you turn on [consolidated control findings](./controls-findings-create-update.html#consolidated-control-findings), it can take up to 24 hours for your security scores to update. In addition, enabling a new aggregation Region or updating linked Regions resets existing security scores. It can take up to 24 hours for Security Hub CSPM to generate new security scores that include data from the updated Regions. @@ -21 +21 @@ Security scores represent the proportion of **Passed** controls to enabled contr -Security Hub calculates a summary security score across all of your enabled standards. Security Hub also calculates a security score for each enabled standard. For purposes of score calculation, enabled controls include controls with a status of **Passed** , **Failed** , and **Unknown**. Controls with a status of **No data** are excluded from the score calculation. +Security Hub CSPM calculates a summary security score across all of your enabled standards. Security Hub CSPM also calculates a security score for each enabled standard. For purposes of score calculation, enabled controls include controls with a status of **Passed** , **Failed** , and **Unknown**. Controls with a status of **No data** are excluded from the score calculation. @@ -23 +23 @@ Security Hub calculates a summary security score across all of your enabled stan -Security Hub ignores archived and suppressed findings when calculating control status. This can impact security scores. For example, if you suppress all failed findings for a control, its status becomes **Passed** , which can in turn improve your security scores. For more information about control status, see [Evaluating compliance status and control status in Security Hub](./controls-overall-status.html). +Security Hub CSPM ignores archived and suppressed findings when calculating control status. This can impact security scores. For example, if you suppress all failed findings for a control, its status becomes **Passed** , which can in turn improve your security scores. For more information about control status, see [Evaluating compliance status and control status](./controls-overall-status.html). @@ -35 +35 @@ PCI DSS v3.2.1 | 28 | 17 | 0 | 62% -When calculating the summary security score, Security Hub counts each control only once across standards. For example, if you have enabled a control that applies to three enabled standards, it only counts as one enabled control for scoring purposes. +When calculating the summary security score, Security Hub CSPM counts each control only once across standards. For example, if you have enabled a control that applies to three enabled standards, it only counts as one enabled control for scoring purposes. @@ -37 +37 @@ When calculating the summary security score, Security Hub counts each control on -In this example, although the total number of enabled controls across enabled standards is 528, Security Hub counts each unique control only once for scoring purposes. The number of unique enabled controls is likely lower than 528. If we assume the number of unique enabled controls is 515, and the number of unique passed controls is 357, the summary score is 69%. This score is calculated by dividing the number of unique passed controls by the number of unique enabled controls. +In this example, although the total number of enabled controls across enabled standards is 528, Security Hub CSPM counts each unique control only once for scoring purposes. The number of unique enabled controls is likely lower than 528. If we assume the number of unique enabled controls is 515, and the number of unique passed controls is 357, the summary score is 69%. This score is calculated by dividing the number of unique passed controls by the number of unique enabled controls.