AWS Security ChangesHomeSearch

AWS securityhub documentation change

Service: securityhub · 2025-07-01 · Documentation low

File: securityhub/latest/userguide/securityhub-controls-reference.md

Summary

Updated compliance standard mappings for IAM.13/IAM.17 controls and clarified RDS.16 control title

Security assessment

Removal of PCI DSS v4.0.1 from IAM.13/IAM.17 and title clarification for RDS.16 represent documentation maintenance without evidence of security vulnerability fixes. Changes affect compliance mappings but not security functionality.

Diff

diff --git a/securityhub/latest/userguide/securityhub-controls-reference.md b/securityhub/latest/userguide/securityhub-controls-reference.md
index 192478a8b..a3036939f 100644
--- a//securityhub/latest/userguide/securityhub-controls-reference.md
+++ b//securityhub/latest/userguide/securityhub-controls-reference.md
@@ -330 +330 @@ Security control ID | Security control title | Applicable standards | Severity |
-[IAM.13](./iam-controls.html#iam-13) |  Ensure IAM password policy requires at least one symbol  | CIS AWS Foundations Benchmark v1.2.0, NIST SP 800-171 Rev. 2, PCI DSS v4.0.1 |  MEDIUM  |  No  |  Periodic   
+[IAM.13](./iam-controls.html#iam-13) |  Ensure IAM password policy requires at least one symbol  | CIS AWS Foundations Benchmark v1.2.0, NIST SP 800-171 Rev. 2 |  MEDIUM  |  No  |  Periodic   
@@ -334 +334 @@ Security control ID | Security control title | Applicable standards | Severity |
-[IAM.17](./iam-controls.html#iam-17) |  Ensure IAM password policy expires passwords within 90 days or less  | CIS AWS Foundations Benchmark v1.2.0, NIST SP 800-171 Rev. 2, PCI DSS v4.0.1 |  LOW  |  No  |  Periodic   
+[IAM.17](./iam-controls.html#iam-17) |  Ensure IAM password policy expires passwords within 90 days or less  | CIS AWS Foundations Benchmark v1.2.0, PCI DSS v4.0.1 |  LOW  |  No  |  Periodic   
@@ -444 +444 @@ Security control ID | Security control title | Applicable standards | Severity |
-[RDS.16](./rds-controls.html#rds-16) |  RDS DB clusters should be configured to copy tags to snapshots  |  AWS Foundational Security Best Practices v1.0.0, NIST SP 800-53 Rev. 5  |  LOW  |  No  |  Change triggered   
+[RDS.16](./rds-controls.html#rds-16) | Aurora DB clusters should be configured to copy tags to DB snapshots | AWS Foundational Security Best Practices v1.0.0, NIST SP 800-53 Rev. 5 | LOW  |  No | Change triggered