AWS Security ChangesHomeSearch

AWS securityhub documentation change

Service: securityhub · 2025-08-16 · Documentation low

File: securityhub/latest/userguide/fsbp-standard.md

Summary

Updated control titles for EFS.6 and SageMaker.5 to clarify subnet public IP assignment and network isolation requirements

Security assessment

The changes clarify security best practices (avoiding public IP subnets for EFS and network isolation for SageMaker) but do not address a specific disclosed vulnerability. They improve documentation accuracy for existing security controls.

Diff

diff --git a/securityhub/latest/userguide/fsbp-standard.md b/securityhub/latest/userguide/fsbp-standard.md
index 1ac408812..926e20c14 100644
--- a//securityhub/latest/userguide/fsbp-standard.md
+++ b//securityhub/latest/userguide/fsbp-standard.md
@@ -245 +245 @@ The following list specifies which AWS Security Hub Cloud Security Posture Manag
-[[EFS.6] EFS mount targets should not be associated with a public subnet](./efs-controls.html#efs-6)
+[[EFS.6] EFS mount targets should not be associated with subnets that assign public IP addresses on launch](./efs-controls.html#efs-6)
@@ -617 +617 @@ The following list specifies which AWS Security Hub Cloud Security Posture Manag
-[[SageMaker.5] SageMaker models should block inbound traffic](./sagemaker-controls.html#sagemaker-5)
+[[SageMaker.5] SageMaker models should have network isolation enabled](./sagemaker-controls.html#sagemaker-5)