AWS securityhub documentation change
Summary
Added CSPM (Cloud Security Posture Management) references throughout documentation, updated terminology from Security Hub to Security Hub CSPM
Security assessment
Changes clarify the service's security posture management capabilities but do not address specific vulnerabilities. The updates enhance documentation about existing security features (CSPM) rather than fixing security issues. CSPM-related documentation improvements help users understand security configuration management.
Diff
diff --git a/securityhub/latest/userguide/stop-central-configuration.md b/securityhub/latest/userguide/stop-central-configuration.md index 8711a3d86..5518d2d52 100644 --- a//securityhub/latest/userguide/stop-central-configuration.md +++ b//securityhub/latest/userguide/stop-central-configuration.md @@ -3 +3 @@ -[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[User Guide](what-is-securityhub.html) +[Documentation](/index.html)[AWS Security Hub](/securityhub/index.html)[ User Guide ](what-is-security-hub-adv.html) @@ -5 +5 @@ -# Disabling central configuration in Security Hub +# Disabling central configuration in Security Hub CSPM @@ -7 +7 @@ -When you disable central configuration in AWS Security Hub, the delegated administrator loses the ability to configure Security Hub, security standards, and security controls across multiple AWS accounts, organizational units (OUs), and AWS Regions. Instead, you must configure most settings separately for each account in each Region. +When you disable central configuration in AWS Security Hub Cloud Security Posture Management (CSPM), the delegated administrator loses the ability to configure Security Hub CSPM, security standards, and security controls across multiple AWS accounts, organizational units (OUs), and AWS Regions. Instead, you must configure most settings separately for each account in each Region. @@ -21 +21 @@ When you disable central configuration, the following changes occur: - * Your organization switches to _local configuration_. Under local configuration, the majority of Security Hub settings must be configured separately in each organization account and Region. The delegated administrator can choose to automatically enable Security Hub, [default security standards](./securityhub-auto-enabled-standards.html), and all controls that are part of the default standards in new organization accounts. The default standards are AWS Foundational Security Best Practices (FSBP) and Center for Internet Security (CIS) AWS Foundations Benchmark v1.2.0. These settings take effect in the current Region only and impact new organization accounts only. The delegated administrator can't change which standards are default. Local configuration doesn't support the use of configuration policies or configuration at the OU level. + * Your organization switches to _local configuration_. Under local configuration, the majority of Security Hub CSPM settings must be configured separately in each organization account and Region. The delegated administrator can choose to automatically enable Security Hub CSPM, [default security standards](./securityhub-auto-enabled-standards.html), and all controls that are part of the default standards in new organization accounts. The default standards are AWS Foundational Security Best Practices (FSBP) and Center for Internet Security (CIS) AWS Foundations Benchmark v1.2.0. These settings take effect in the current Region only and impact new organization accounts only. The delegated administrator can't change which standards are default. Local configuration doesn't support the use of configuration policies or configuration at the OU level. @@ -30 +30 @@ Choose your preferred method, and follow the steps to stop using central configu -Security Hub console +Security Hub CSPM console @@ -35 +35 @@ Security Hub console - 1. Open the AWS Security Hub console at [https://console.aws.amazon.com/securityhub/](https://console.aws.amazon.com/securityhub/). + 1. Open the AWS Security Hub Cloud Security Posture Management (CSPM) console at [https://console.aws.amazon.com/securityhub/](https://console.aws.amazon.com/securityhub/). @@ -37 +37 @@ Security Hub console -Sign in using the credentials of the delegated Security Hub administrator account in the home Region. +Sign in using the credentials of the delegated Security Hub CSPM administrator account in the home Region. @@ -52 +52 @@ Sign in using the credentials of the delegated Security Hub administrator accoun -Security Hub API +Security Hub CSPM API @@ -61 +61 @@ Security Hub API - 3. If you want to automatically enable Security Hub in new organization accounts, set the `AutoEnable` field to `true`. By default, the value of this field is `false`, and Security Hub isn't automatically enabled in new organization accounts. Optionally, if you want to automatically enable default security standards in new organization accounts, set the `AutoEnableStandards` field to `DEFAULT`. This the default value. If you don't want to automatically enable default security standards in new organization accounts, set the `AutoEnableStandards` field to `NONE`. + 3. If you want to automatically enable Security Hub CSPM in new organization accounts, set the `AutoEnable` field to `true`. By default, the value of this field is `false`, and Security Hub CSPM isn't automatically enabled in new organization accounts. Optionally, if you want to automatically enable default security standards in new organization accounts, set the `AutoEnableStandards` field to `DEFAULT`. This the default value. If you don't want to automatically enable default security standards in new organization accounts, set the `AutoEnableStandards` field to `NONE`. @@ -86 +86 @@ AWS CLI - 3. If you want to automatically enable Security Hub in new organization accounts, include the `auto-enable` parameter. By default, the value of this parameter is `no-auto-enable`, and Security Hub isn't automatically enabled in new organization accounts. Optionally, if you want to automatically enable default security standards in new organization accounts, set the `auto-enable-standards` field to `DEFAULT`. This the default value. If you don't want to automatically enable default security standards in new organization accounts, set the `auto-enable-standards` field to `NONE`. + 3. If you want to automatically enable Security Hub CSPM in new organization accounts, include the `auto-enable` parameter. By default, the value of this parameter is `no-auto-enable`, and Security Hub CSPM isn't automatically enabled in new organization accounts. Optionally, if you want to automatically enable default security standards in new organization accounts, set the `auto-enable-standards` field to `DEFAULT`. This the default value. If you don't want to automatically enable default security standards in new organization accounts, set the `auto-enable-standards` field to `NONE`. @@ -105 +105 @@ In-context configuration -Managing administrator and member accounts +Managing Security Hub CSPM for multiple accounts