AWS organizations documentation change
Summary
Renamed 'Security Hub policies' to 'Security Hub CSPM policies' throughout the document, updated terminology and links accordingly.
Security assessment
The change is a rebranding update that does not address any security vulnerability or weakness. It updates the feature name to include 'CSPM' (Cloud Security Posture Management) but does not alter the security functionality described. No evidence of security incident remediation or vulnerability patching exists in the diff.
Diff
diff --git a/organizations/latest/userguide/orgs_manage_policies_security_hub.md b/organizations/latest/userguide/orgs_manage_policies_security_hub.md index 30dc00ffe..3ad964c83 100644 --- a//organizations/latest/userguide/orgs_manage_policies_security_hub.md +++ b//organizations/latest/userguide/orgs_manage_policies_security_hub.md @@ -5 +5 @@ -Key features and benefitsWhat are Security Hub policies?How Security Hub policies workTerminologyUse cases for Security Hub policiesPolicy inheritance and enforcementPolicy validationRegional considerations and supported RegionsNext steps +Key features and benefitsWhat are Security Hub CSPM policies?How Security Hub CSPM policies workTerminologyUse cases for Security Hub CSPM policiesPolicy inheritance and enforcementPolicy validationRegional considerations and supported RegionsNext steps @@ -7 +7 @@ Key features and benefitsWhat are Security Hub policies?How Security Hub policie -# Security Hub policies +# Security Hub CSPM policies @@ -9 +9 @@ Key features and benefitsWhat are Security Hub policies?How Security Hub policie -AWS Security Hub policies provide security teams with a centralized approach to managing security configurations across their AWS Organizations. By leveraging these policies, you can establish and maintain consistent security controls through a central configuration mechanism. This integration allows you to address security coverage gaps by creating policies that align with your organization's security requirements and centrally applying them across accounts and organizational units (OUs). +AWS Security Hub CSPM policies provide security teams with a centralized approach to managing security configurations across their AWS Organizations. By leveraging these policies, you can establish and maintain consistent security controls through a central configuration mechanism. This integration allows you to address security coverage gaps by creating policies that align with your organization's security requirements and centrally applying them across accounts and organizational units (OUs). @@ -11 +11 @@ AWS Security Hub policies provide security teams with a centralized approach to -Security Hub policies are fully integrated with AWS Organizations, allowing management accounts or delegated administrators to define and enforce security configurations. When accounts join your organization, they automatically inherit the applicable policies based on their location in the organizational hierarchy. This ensures that your security standards are consistently applied as your organization grows. The policies respect existing organizational structures and provide flexibility in how security configurations are distributed, while maintaining central control over critical security settings. +Security Hub CSPM policies are fully integrated with AWS Organizations, allowing management accounts or delegated administrators to define and enforce security configurations. When accounts join your organization, they automatically inherit the applicable policies based on their location in the organizational hierarchy. This ensures that your security standards are consistently applied as your organization grows. The policies respect existing organizational structures and provide flexibility in how security configurations are distributed, while maintaining central control over critical security settings. @@ -15 +15 @@ Security Hub policies are fully integrated with AWS Organizations, allowing mana -Security Hub policies provide a comprehensive set of capabilities that help you manage and enforce security configurations across your AWS organization. These features streamline security management while ensuring consistent control over your multi-account environment. +Security Hub CSPM policies provide a comprehensive set of capabilities that help you manage and enforce security configurations across your AWS organization. These features streamline security management while ensuring consistent control over your multi-account environment. @@ -17 +17 @@ Security Hub policies provide a comprehensive set of capabilities that help you - * Centrally [enable Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/security-hub-adv-getting-started-enable.html#security-hub-adv-getting-started-enable-org-account) across accounts and Regions in your organization + * Centrally [enable Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/security-hub-adv-getting-started-enable.html#security-hub-adv-getting-started-enable-org-account) across accounts and Regions in your organization @@ -30 +30 @@ Security Hub policies provide a comprehensive set of capabilities that help you -## What are Security Hub policies? +## What are Security Hub CSPM policies? @@ -32 +32 @@ Security Hub policies provide a comprehensive set of capabilities that help you -Security Hub policies are AWS Organizations policies that provide centralized control over security configurations across your organization's accounts. These policies work seamlessly with AWS Organizations to help you establish and maintain consistent security standards throughout your multi-account environment. +Security Hub CSPM policies are AWS Organizations policies that provide centralized control over security configurations across your organization's accounts. These policies work seamlessly with AWS Organizations to help you establish and maintain consistent security standards throughout your multi-account environment. @@ -34 +34 @@ Security Hub policies are AWS Organizations policies that provide centralized co -When you implement Security Hub policies, you gain the ability to define specific security configurations that automatically propagate across your organization. This ensures that all accounts, including newly created ones, align with your organization's security requirements and best practices. +When you implement Security Hub CSPM policies, you gain the ability to define specific security configurations that automatically propagate across your organization. This ensures that all accounts, including newly created ones, align with your organization's security requirements and best practices. @@ -38 +38 @@ These policies also help you maintain compliance by enforcing consistent securit -## How Security Hub policies work +## How Security Hub CSPM policies work @@ -40 +40 @@ These policies also help you maintain compliance by enforcing consistent securit -When you attach an Security Hub policy to your organization or organizational unit, AWS Organizations automatically evaluates the policy and applies it based on the scope you define. The policy enforcement process follows specific conflict resolution rules: +When you attach an Security Hub CSPM policy to your organization or organizational unit, AWS Organizations automatically evaluates the policy and applies it based on the scope you define. The policy enforcement process follows specific conflict resolution rules: @@ -42 +42 @@ When you attach an Security Hub policy to your organization or organizational un -When regions appear in both enable and disable lists, the disable configuration takes precedence. For example, if a region is listed in both enable and disable configurations, Security Hub will be disabled in that region. +When regions appear in both enable and disable lists, the disable configuration takes precedence. For example, if a region is listed in both enable and disable configurations, Security Hub CSPM will be disabled in that region. @@ -44 +44 @@ When regions appear in both enable and disable lists, the disable configuration -When `ALL_SUPPORTED` is specified for enablement, Security Hub is enabled in all current and future regions unless explicitly disabled. This allows you to maintain comprehensive security coverage as AWS expands into new regions. +When `ALL_SUPPORTED` is specified for enablement, Security Hub CSPM is enabled in all current and future regions unless explicitly disabled. This allows you to maintain comprehensive security coverage as AWS expands into new regions. @@ -50 +50 @@ Child policies can modify parent policy settings using inheritance operators, al -This topic uses the following terms when discussing Security Hub policies. +This topic uses the following terms when discussing Security Hub CSPM policies. @@ -56,2 +56,2 @@ Policy inheritance | The process by which accounts inherit policies from parent -Delegated administrator | An account designated to manage Security Hub policies on behalf of the organization. -Service-linked role | An IAM role that allows Security Hub to interact with other AWS services. +Delegated administrator | An account designated to manage Security Hub CSPM policies on behalf of the organization. +Service-linked role | An IAM role that allows Security Hub CSPM to interact with other AWS services. @@ -59 +59 @@ Service-linked role | An IAM role that allows Security Hub to interact with othe -## Use cases for Security Hub policies +## Use cases for Security Hub CSPM policies @@ -61 +61 @@ Service-linked role | An IAM role that allows Security Hub to interact with othe -Security Hub policies address common security management challenges in multi-account environments. The following use cases demonstrate how organizations typically implement these policies to enhance their security posture. +Security Hub CSPM policies address common security management challenges in multi-account environments. The following use cases demonstrate how organizations typically implement these policies to enhance their security posture. @@ -65 +65 @@ Security Hub policies address common security management challenges in multi-acc -A multinational corporation needs different Security Hub configurations for different geographical regions. They create a parent policy enabling Security Hub in all regions using `ALL_SUPPORTED`, then use child policies to disable specific regions where different security controls are required. This allows them to maintain compliance with regional regulations while ensuring comprehensive security coverage. +A multinational corporation needs different Security Hub CSPM configurations for different geographical regions. They create a parent policy enabling Security Hub CSPM in all regions using `ALL_SUPPORTED`, then use child policies to disable specific regions where different security controls are required. This allows them to maintain compliance with regional regulations while ensuring comprehensive security coverage. @@ -69 +69 @@ A multinational corporation needs different Security Hub configurations for diff -A software development organization implements Security Hub policies that enable monitoring in production regions while keeping development regions unmanaged. They use explicit region lists in their policies rather than `ALL_SUPPORTED` to maintain precise control over security monitoring coverage. This approach allows them to enforce stricter security controls in production environments while maintaining flexibility in development areas. +A software development organization implements Security Hub CSPM policies that enable monitoring in production regions while keeping development regions unmanaged. They use explicit region lists in their policies rather than `ALL_SUPPORTED` to maintain precise control over security monitoring coverage. This approach allows them to enforce stricter security controls in production environments while maintaining flexibility in development areas. @@ -88 +88 @@ Understanding how policies are inherited and enforced is crucial for effective s -When creating Security Hub policies, the following validations occur: +When creating Security Hub CSPM policies, the following validations occur: @@ -92 +92 @@ When creating Security Hub policies, the following validations occur: - * Regions must be supported by Security Hub + * Regions must be supported by Security Hub CSPM @@ -103 +103 @@ When creating Security Hub policies, the following validations occur: -Security Hub policies operate across multiple Regions, requiring careful consideration of your global security requirements. Understanding regional behavior helps you implement effective security controls across your organization's global footprint. +Security Hub CSPM policies operate across multiple Regions, requiring careful consideration of your global security requirements. Understanding regional behavior helps you implement effective security controls across your organization's global footprint. @@ -111 +111 @@ Security Hub policies operate across multiple Regions, requiring careful conside - * Policies only apply to Regions where Security Hub is available + * Policies only apply to Regions where Security Hub CSPM is available @@ -118 +118 @@ Security Hub policies operate across multiple Regions, requiring careful conside -To get started with Security Hub policies: +To get started with Security Hub CSPM policies: @@ -120 +120 @@ To get started with Security Hub policies: - 1. Review the prerequisites in Getting started with Security Hub policies + 1. Review the prerequisites in Getting started with Security Hub CSPM policies