AWS Security ChangesHomeSearch

AWS controltower documentation change

Service: controltower · 2025-12-10 · Documentation low

File: controltower/latest/userguide/control-limitations.md

Summary

Updated references from 'Security Hub Service-managed Standard' to 'Security Hub CSPM Service-managed Standard' and updated documentation links to reflect CSPM controls reference

Security assessment

The change clarifies the use of Cloud Security Posture Management (CSPM) controls in Security Hub standards but does not address a specific security vulnerability. This update improves documentation accuracy regarding security features.

Diff

diff --git a/controltower/latest/userguide/control-limitations.md b/controltower/latest/userguide/control-limitations.md
index 7b70c1c60..5e8ecdc48 100644
--- a//controltower/latest/userguide/control-limitations.md
+++ b//controltower/latest/userguide/control-limitations.md
@@ -23 +23 @@ AWS Control Tower helps maintain the integrity of your environment by resetting
-Some controls in AWS Control Tower do not operate in certain AWS Regions where AWS Control Tower is available, because those Regions do not support the required underlying functionality. As a result, when you deploy that control, it may not be operating in all Regions that you govern with AWS Control Tower. This limitation affects certain detective controls, certain proactive controls, and certain controls in the **Security Hub Service-managed Standard: AWS Control Tower**. For more information about Regional availability, see the [Security Hub controls](https://docs.aws.amazon.com//controltower/latest/controlreference/security-hub-controls.html). Also see the [Regional services list documentation](https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/) and the [Security Hub controls reference documentation](https://docs.aws.amazon.com//securityhub/latest/userguide/securityhub-controls-reference.html).
+Some controls in AWS Control Tower do not operate in certain AWS Regions where AWS Control Tower is available, because those Regions do not support the required underlying functionality. As a result, when you deploy that control, it may not be operating in all Regions that you govern with AWS Control Tower. This limitation affects certain detective controls, certain proactive controls, and certain controls in the **Security Hub CSPM Service-managed Standard: AWS Control Tower**. For more information about Regional availability, see the [Security Hub controls](https://docs.aws.amazon.com//controltower/latest/controlreference/security-hub-controls.html). Also see the [Regional services list documentation](https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/) and the [Security Hub CSPM controls reference documentation](https://docs.aws.amazon.com//securityhub/latest/userguide/securityhub-controls-reference.html).
@@ -39 +39 @@ Also see the reference table of AWS Control Tower controls and supported Regions
-For information about AWS Security Hub controls from the **Service-Managed Standard: AWS Control Tower** that are not supported in certain AWS Regions, see "Unsupported Regions" in the [Security Hub standard](https://docs.aws.amazon.com//controltower/latest/controlreference/security-hub-controls.html).
+For information about AWS Security Hub CSPM controls from the **Service-Managed Standard: AWS Control Tower** that are not supported in certain AWS Regions, see "Unsupported Regions" in the [Security Hub CSPM standard](https://docs.aws.amazon.com//controltower/latest/controlreference/security-hub-controls.html).