AWS securityhub documentation change
Summary
Announced retirement of Redshift controls and updated control titles to match changes in controls-change-log
Security assessment
Control retirement is due to service limitations rather than security issues. Title updates maintain consistency with other documentation changes.
Diff
diff --git a/securityhub/latest/userguide/doc-history.md b/securityhub/latest/userguide/doc-history.md index 8a0a70852..b8156b9e7 100644 --- a//securityhub/latest/userguide/doc-history.md +++ b//securityhub/latest/userguide/doc-history.md @@ -12,0 +13 @@ Change| Description| Date +Updates to security standards and controls| Due to Amazon Redshift limitations, we are planning to retire the [Redshift.9](https://docs.aws.amazon.com/securityhub/latest/userguide/redshift-controls.html#redshift-9) and [RedshiftServerless.7](https://docs.aws.amazon.com/securityhub/latest/userguide/redshiftserverless-controls.html#redshiftserverless-7) controls and remove them from all applicable standards on September 15, 2025. Currently, these controls apply to the [AWS Foundational Security Best Practices (FSBP) standard](https://docs.aws.amazon.com/securityhub/latest/userguide/fsbp-standard.html) and the [NIST SP 800-53 Rev. 5 standard](https://docs.aws.amazon.com/securityhub/latest/userguide/nist-standard.html). The Redshift.9 control also applies to the [AWS Control Tower service-managed standard](https://docs.aws.amazon.com/securityhub/latest/userguide/service-managed-standard-aws-control-tower.html).| August 15, 2025 @@ -72 +73 @@ New security controls| Security Hub CSPM released 37 new controls for the [AWS R - * [[SageMaker.5] SageMaker models should block inbound traffic](./sagemaker-controls.html#sagemaker-5) + * [[SageMaker.5] SageMaker models should have network isolation enabled](./sagemaker-controls.html#sagemaker-5) @@ -141 +142 @@ Select controls available in more Regions| The following controls are now availa - * [[EFS.6] EFS mount targets should not be associated with a public subnet](./efs-controls.html#efs-6) + * [[EFS.6] EFS mount targets should not be associated with subnets that assign public IP addresses on launch](./efs-controls.html#efs-6) @@ -184 +185 @@ Release of CIS AWS Foundations Benchmark v3.0.0| Security Hub CSPM released [Cen - * [[EFS.6] EFS mount targets should not be associated with a public subnet](./efs-controls.html#efs-6) + * [[EFS.6] EFS mount targets should not be associated with subnets that assign public IP addresses on launch](./efs-controls.html#efs-6)