AWS securityhub documentation change
Summary
Updated compliance standard mappings for IAM.13/IAM.17 controls and clarified RDS.16 control title
Security assessment
Removal of PCI DSS v4.0.1 from IAM.13/IAM.17 and title clarification for RDS.16 represent documentation maintenance without evidence of security vulnerability fixes. Changes affect compliance mappings but not security functionality.
Diff
diff --git a/securityhub/latest/userguide/securityhub-controls-reference.md b/securityhub/latest/userguide/securityhub-controls-reference.md index 192478a8b..a3036939f 100644 --- a//securityhub/latest/userguide/securityhub-controls-reference.md +++ b//securityhub/latest/userguide/securityhub-controls-reference.md @@ -330 +330 @@ Security control ID | Security control title | Applicable standards | Severity | -[IAM.13](./iam-controls.html#iam-13) | Ensure IAM password policy requires at least one symbol | CIS AWS Foundations Benchmark v1.2.0, NIST SP 800-171 Rev. 2, PCI DSS v4.0.1 | MEDIUM | No | Periodic +[IAM.13](./iam-controls.html#iam-13) | Ensure IAM password policy requires at least one symbol | CIS AWS Foundations Benchmark v1.2.0, NIST SP 800-171 Rev. 2 | MEDIUM | No | Periodic @@ -334 +334 @@ Security control ID | Security control title | Applicable standards | Severity | -[IAM.17](./iam-controls.html#iam-17) | Ensure IAM password policy expires passwords within 90 days or less | CIS AWS Foundations Benchmark v1.2.0, NIST SP 800-171 Rev. 2, PCI DSS v4.0.1 | LOW | No | Periodic +[IAM.17](./iam-controls.html#iam-17) | Ensure IAM password policy expires passwords within 90 days or less | CIS AWS Foundations Benchmark v1.2.0, PCI DSS v4.0.1 | LOW | No | Periodic @@ -444 +444 @@ Security control ID | Security control title | Applicable standards | Severity | -[RDS.16](./rds-controls.html#rds-16) | RDS DB clusters should be configured to copy tags to snapshots | AWS Foundational Security Best Practices v1.0.0, NIST SP 800-53 Rev. 5 | LOW | No | Change triggered +[RDS.16](./rds-controls.html#rds-16) | Aurora DB clusters should be configured to copy tags to DB snapshots | AWS Foundational Security Best Practices v1.0.0, NIST SP 800-53 Rev. 5 | LOW | No | Change triggered