AWS securityhub documentation change
Summary
Added resource recording requirements for CIS v5.0.0 compliance
Security assessment
Supports compliance with newer security standards but does not fix vulnerabilities. Focuses on audit capability rather than direct security mitigation.
Diff
diff --git a/securityhub/latest/userguide/controls-config-resources.md b/securityhub/latest/userguide/controls-config-resources.md index 1940c98d9..c47659329 100644 --- a//securityhub/latest/userguide/controls-config-resources.md +++ b//securityhub/latest/userguide/controls-config-resources.md @@ -296,0 +297,12 @@ To run security checks for enabled controls that apply to the Center for Interne +### Required resources for CIS v5.0.0 + +For Security Hub CSPM to accurately report findings for enabled CIS v5.0.0 change triggered controls that use an AWS Config rule, you must record the following types of resources in AWS Config. + +AWS service | Resource types +---|--- +Amazon Elastic Compute Cloud (Amazon EC2) | `AWS::EC2::Instance`, `AWS::EC2::NetworkAcl`, `AWS::EC2::SecurityGroup`, `AWS::EC2::VPC` +Amazon Elastic File System (Amazon EFS) | `AWS::EFS::FileSystem` +AWS Identity and Access Management (IAM) | `AWS::IAM::Group`, `AWS::IAM::User`, `AWS::IAM::Role` +Amazon Relational Database Service (Amazon RDS) | `AWS::RDS::DBInstance`, `AWS::RDS::DBCluster` +Amazon Simple Storage Service (Amazon S3) | `AWS::S3::Bucket` +