AWS securityhub documentation change
Summary
Updated control titles and descriptions for SageMaker.5 (network isolation) and EFS.6 (public IP subnets) to improve accuracy
Security assessment
Clarifies existing security controls but does not indicate any newly discovered security issues or vulnerabilities.
Diff
diff --git a/securityhub/latest/userguide/controls-change-log.md b/securityhub/latest/userguide/controls-change-log.md index 81d73deaa..3ca1f0bf5 100644 --- a//securityhub/latest/userguide/controls-change-log.md +++ b//securityhub/latest/userguide/controls-change-log.md @@ -12,0 +13,2 @@ Date of change | Control ID and title | Description of change +August 13, 2025 | [[SageMaker.5] SageMaker models should have network isolation enabled](./sagemaker-controls.html#sagemaker-5) | Security Hub CSPM changed the title and description of this control. The new title and description more accurately reflect that the control checks the setting for the `EnableNetworkIsolation` parameter of Amazon SageMaker AI hosted models. Previously, the title of this control was: _SageMaker models should block inbound traffic_. +August 13, 2025 | [[EFS.6] EFS mount targets should not be associated with subnets that assign public IP addresses on launch](./efs-controls.html#efs-6) | Security Hub CSPM changed the title and description of this control. The new title and description more precisely reflect the scope and nature of the check that the control performs. Previously, the title of this control was: _EFS mount targets should not be associated with a public subnet_.