AWS Security ChangesHomeSearch

AWS securityhub documentation change

Service: securityhub · 2025-07-16 · Documentation high

File: securityhub/latest/userguide/fsbp-standard.md

Summary

Added multiple new security controls across AWS services including TLS policies, access restrictions, logging, and network security checks.

Security assessment

The changes document new security best practices (e.g., disabling public access, enabling encryption, audit logging) but do not reference specific vulnerabilities or incidents. These are proactive security enhancements.

Diff

diff --git a/securityhub/latest/userguide/fsbp-standard.md b/securityhub/latest/userguide/fsbp-standard.md
index 43956882c..f3ac5595d 100644
--- a//securityhub/latest/userguide/fsbp-standard.md
+++ b//securityhub/latest/userguide/fsbp-standard.md
@@ -82,0 +83,2 @@ The following list specifies which AWS Security Hub Cloud Security Posture Manag
+[[CloudFront.15] CloudFront distributions should use the recommended TLS security policy](./cloudfront-controls.html#cloudfront-15)
+
@@ -100,0 +103,2 @@ The following list specifies which AWS Security Hub Cloud Security Posture Manag
+[[Cognito.2] Cognito identity pools should not allow unauthenticated identities](./cognito-controls.html#cognito-2)
+
@@ -204,0 +209,2 @@ The following list specifies which AWS Security Hub Cloud Security Posture Manag
+[[EC2.180] EC2 network interfaces should have source/destination checking enabled](./ec2-controls.html#ec2-180)
+
@@ -300,0 +307,2 @@ The following list specifies which AWS Security Hub Cloud Security Posture Manag
+[[ELB.18] Application and Network Load Balancer listeners should use secure protocols to encrypt data in transit](./elb-controls.html#elb-18)
+
@@ -416,0 +425,6 @@ The following list specifies which AWS Security Hub Cloud Security Posture Manag
+[[MSK.4] MSK clusters should have public access disabled](./msk-controls.html#msk-4)
+
+[[MSK.5] MSK connectors should have logging enabled](./msk-controls.html#msk-5)
+
+[[MSK.6] MSK clusters should disable unauthenticated access](./msk-controls.html#msk-6)
+
@@ -534,0 +549,2 @@ The following list specifies which AWS Security Hub Cloud Security Posture Manag
+[[RDS.45] Aurora MySQL DB clusters should have audit logging enabled](./rds-controls.html#rds-45)
+
@@ -554,0 +571,2 @@ The following list specifies which AWS Security Hub Cloud Security Posture Manag
+[[Redshift.18] Redshift clusters should have Multi-AZ deployments enabled](./redshift-controls.html#redshift-18)
+
@@ -588,0 +607,2 @@ The following list specifies which AWS Security Hub Cloud Security Posture Manag
+[[S3.25] S3 directory buckets should have lifecycle configurations](./s3-controls.html#s3-25)
+
@@ -624,0 +645,4 @@ The following list specifies which AWS Security Hub Cloud Security Posture Manag
+[[SSM.6] SSM Automation should have CloudWatch logging enabled](./ssm-controls.html#ssm-6)
+
+[[SSM.7] SSM documents should have the block public sharing setting enabled](./ssm-controls.html#ssm-7)
+