AWS prescriptive-guidance documentation change
Summary
Updated control name from 'Disallow AWS VPN' to 'Disallow Site-to-Site VPN' connections
Security assessment
Terminology update only. The security justification for restricting VPN connections (preventing unauthorized access/data exfiltration) remains identical with no new vulnerabilities addressed.
Diff
diff --git a/prescriptive-guidance/latest/designing-control-tower-landing-zone/optional.md b/prescriptive-guidance/latest/designing-control-tower-landing-zone/optional.md index 9ad2e4616..ae750d74b 100644 --- a//prescriptive-guidance/latest/designing-control-tower-landing-zone/optional.md +++ b//prescriptive-guidance/latest/designing-control-tower-landing-zone/optional.md @@ -103 +103 @@ AWS Control Tower controls are continuously updated. For the most up-to-date and -[Disallow AWS Virtual Private Network (AWS VPN) connections](https://docs.aws.amazon.com/controltower/latest/controlreference/data-residency-controls.html#prevent-vpn-connection) | Elective | Preventive | — | Restricts VPN connections to guard against unauthorized access, data exfiltration, or bypassing security controls. +[Disallow AWS Virtual Private Network (Site-to-Site VPN) connections](https://docs.aws.amazon.com/controltower/latest/controlreference/data-residency-controls.html#prevent-vpn-connection) | Elective | Preventive | — | Restricts VPN connections to guard against unauthorized access, data exfiltration, or bypassing security controls.