AWS securityhub documentation change
Summary
Updated documentation history with changes to security standards (removed IAM.13/IAM.17 controls from PCI/NIST standards), managed policy updates, and public preview release details
Security assessment
Changes document removal of specific security controls from compliance standards and updates to managed policies. While related to security controls, there's no evidence of addressing vulnerabilities - appears to be compliance alignment updates.
Diff
diff --git a/securityhub/latest/userguide/doc-history.md b/securityhub/latest/userguide/doc-history.md index 9e8ed0848..d6450dcf6 100644 --- a//securityhub/latest/userguide/doc-history.md +++ b//securityhub/latest/userguide/doc-history.md @@ -12,0 +13 @@ Change| Description| Date +Updates to security standards and controls| We removed the [IAM.13 control](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-13) from the [PCI DSS v4.0.1 standard](https://docs.aws.amazon.com/securityhub/latest/userguide/pci-standard.html). We also removed the [IAM.17 control](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-17) from the [NIST SP 800-171 Revision 2 standard](https://docs.aws.amazon.com/securityhub/latest/userguide/standards-reference-nist-800-171.html). The standards don't explicitly require the checks that these controls provide. We also updated related requirement details for these standards for certain controls that check IAM password policies: IAM.7, and IAM.10 through IAM.17.| June 30, 2025 @@ -14,4 +15,2 @@ Updates to finding retention| Security Hub CSPM now [stores archived findings](h -Update to existing managed policy| Security Hub CSPM added new permission to `AWSSecurityHubOrganizationsAccess`. The permission allows the organization management to enable and manage Security Hub and Security Hub CSPM within an organization. | June 17, 2025 -Update to existing managed policy| Security Hub CSPM added new permission to `AWSSecurityHubFullAccess`. The permission allows principals to create a service-linked role for Security Hub. | June 17, 2025 -Public preview release of AWS Security Hub| Published public preview release of [_AWS Security Hub User Guide_](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-security-hub-adv.html). | June 17, 2025 -New managed policy for Security Hub| A new managed policy, `AWSSecurityHubV2ServiceRolePolicy`, allows Security Hub to manage AWS Config rules and Security Hub resources in a customer's organization and on the customer's behalf. Security Hub is in preview release and subject to change. | June 17, 2025 +Updates to existing managed policies| Security Hub CSPM added new permission to the [AWS managed policy](https://docs.aws.amazon.com/securityhub/latest/userguide/security-iam-awsmanpol.html) named `AWSSecurityHubOrganizationsAccess`. The permission allows the organization management to enable and manage Security Hub and Security Hub CSPM within an organization. Security Hub CSPM also added new permission to the AWS managed policy named `AWSSecurityHubFullAccess`. The permission allows principals to create a service-linked role for Security Hub.| June 18, 2025 +Public preview release and a new managed policy for Security Hub| Public preview release of AWS Security Hub and the [_AWS Security Hub User Guide_](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-security-hub-adv.html). This release includes a new [AWS managed policy](https://docs.aws.amazon.com/securityhub/latest/userguide/security-iam-awsmanpol.html), `AWSSecurityHubV2ServiceRolePolicy`. The policy allows Security Hub to manage AWS Config rules and Security Hub resources in a customer's organization and on the customer's behalf. Security Hub is in preview release and subject to change. | June 17, 2025