AWS Security ChangesHomeSearch

AWS securityhub documentation change

Service: securityhub · 2025-08-16 · Documentation low

File: securityhub/latest/userguide/doc-history.md

Summary

Announced retirement of Redshift controls and updated control titles to match changes in controls-change-log

Security assessment

Control retirement is due to service limitations rather than security issues. Title updates maintain consistency with other documentation changes.

Diff

diff --git a/securityhub/latest/userguide/doc-history.md b/securityhub/latest/userguide/doc-history.md
index 8a0a70852..b8156b9e7 100644
--- a//securityhub/latest/userguide/doc-history.md
+++ b//securityhub/latest/userguide/doc-history.md
@@ -12,0 +13 @@ Change| Description| Date
+Updates to security standards and controls| Due to Amazon Redshift limitations, we are planning to retire the [Redshift.9](https://docs.aws.amazon.com/securityhub/latest/userguide/redshift-controls.html#redshift-9) and [RedshiftServerless.7](https://docs.aws.amazon.com/securityhub/latest/userguide/redshiftserverless-controls.html#redshiftserverless-7) controls and remove them from all applicable standards on September 15, 2025. Currently, these controls apply to the [AWS Foundational Security Best Practices (FSBP) standard](https://docs.aws.amazon.com/securityhub/latest/userguide/fsbp-standard.html) and the [NIST SP 800-53 Rev. 5 standard](https://docs.aws.amazon.com/securityhub/latest/userguide/nist-standard.html). The Redshift.9 control also applies to the [AWS Control Tower service-managed standard](https://docs.aws.amazon.com/securityhub/latest/userguide/service-managed-standard-aws-control-tower.html).| August 15, 2025  
@@ -72 +73 @@ New security controls| Security Hub CSPM released 37 new controls for the [AWS R
-  * [[SageMaker.5] SageMaker models should block inbound traffic](./sagemaker-controls.html#sagemaker-5)
+  * [[SageMaker.5] SageMaker models should have network isolation enabled](./sagemaker-controls.html#sagemaker-5)
@@ -141 +142 @@ Select controls available in more Regions| The following controls are now availa
-  * [[EFS.6] EFS mount targets should not be associated with a public subnet](./efs-controls.html#efs-6)
+  * [[EFS.6] EFS mount targets should not be associated with subnets that assign public IP addresses on launch](./efs-controls.html#efs-6)
@@ -184 +185 @@ Release of CIS AWS Foundations Benchmark v3.0.0| Security Hub CSPM released [Cen
-  * [[EFS.6] EFS mount targets should not be associated with a public subnet](./efs-controls.html#efs-6)
+  * [[EFS.6] EFS mount targets should not be associated with subnets that assign public IP addresses on launch](./efs-controls.html#efs-6)