AWS securityhub documentation change
Summary
Removed IAM.17 control from NIST SP 800-171 Rev. 2 supported controls list
Security assessment
Removal of password expiration control from NIST standard mapping indicates compliance scope change, not a security vulnerability fix. No evidence this addresses a security weakness.
Diff
diff --git a/securityhub/latest/userguide/standards-reference-nist-800-171.md b/securityhub/latest/userguide/standards-reference-nist-800-171.md index 3ae58c399..bec0f49c0 100644 --- a//securityhub/latest/userguide/standards-reference-nist-800-171.md +++ b//securityhub/latest/userguide/standards-reference-nist-800-171.md @@ -153,2 +152,0 @@ The following list specifies the controls that support NIST SP 800-171 Revision - * [[IAM.17] Ensure IAM password policy expires passwords within 90 days or less](./iam-controls.html#iam-17) -