AWS Security ChangesHomeSearch

AWS organizations documentation change

Service: organizations · 2025-12-10 · Documentation low

File: organizations/latest/userguide/orgs_manage_policies_security_hub_best_practices.md

Summary

Updated documentation to consistently reference 'Security Hub CSPM policies' instead of generic 'Security Hub policies' throughout the file, including title, body text, and section headers

Security assessment

The changes clarify documentation for CSPM (Cloud Security Posture Management) policies but do not address any specific security vulnerability. The updates focus on terminology refinement and improved guidance for a security feature rather than fixing a security issue.

Diff

diff --git a/organizations/latest/userguide/orgs_manage_policies_security_hub_best_practices.md b/organizations/latest/userguide/orgs_manage_policies_security_hub_best_practices.md
index 641497a36..8fe2642a7 100644
--- a//organizations/latest/userguide/orgs_manage_policies_security_hub_best_practices.md
+++ b//organizations/latest/userguide/orgs_manage_policies_security_hub_best_practices.md
@@ -7 +7 @@ Policy design principlesRegion management strategiesPolicy inheritance planningM
-# Best practices for using Security Hub policies
+# Best practices for using Security Hub CSPM policies
@@ -9 +9 @@ Policy design principlesRegion management strategiesPolicy inheritance planningM
-When implementing Security Hub policies across your organization, following established best practices helps ensure successful deployment and maintenance of your security configurations. These guidelines specifically address the unique aspects of Security Hub policy management and enforcement within AWS Organizations.
+When implementing Security Hub CSPM policies across your organization, following established best practices helps ensure successful deployment and maintenance of your security configurations. These guidelines specifically address the unique aspects of Security Hub CSPM policy management and enforcement within AWS Organizations.
@@ -13 +13 @@ When implementing Security Hub policies across your organization, following esta
-Before creating Security Hub policies, establish clear principles for your policy structure. Keep policies simple and avoid complex cross-attribute or nested rules that make it difficult to determine the final outcome. Start with broad policies at the organization root level and refine them through child policies where needed.
+Before creating Security Hub CSPM policies, establish clear principles for your policy structure. Keep policies simple and avoid complex cross-attribute or nested rules that make it difficult to determine the final outcome. Start with broad policies at the organization root level and refine them through child policies where needed.
@@ -15 +15 @@ Before creating Security Hub policies, establish clear principles for your polic
-Consider using empty region lists strategically. You can leave `enable_in_regions` empty when you only need to disable Security Hub in specific regions, or leave `disable_in_regions` empty to keep regions unmanaged by policy. This flexibility helps you maintain precise control over your security monitoring coverage.
+Consider using empty region lists strategically. You can leave `enable_in_regions` empty when you only need to disable Security Hub CSPM in specific regions, or leave `disable_in_regions` empty to keep regions unmanaged by policy. This flexibility helps you maintain precise control over your security monitoring coverage.
@@ -19 +19 @@ Consider using empty region lists strategically. You can leave `enable_in_region
-When managing regions through Security Hub policies, consider these proven approaches. Use `ALL_SUPPORTED` when you want to automatically include future regions in your security coverage. For more granular control, explicitly list regions rather than relying on `ALL_SUPPORTED`, especially when different regions require different security configurations.
+When managing regions through Security Hub CSPM policies, consider these proven approaches. Use `ALL_SUPPORTED` when you want to automatically include future regions in your security coverage. For more granular control, explicitly list regions rather than relying on `ALL_SUPPORTED`, especially when different regions require different security configurations.
@@ -29 +29 @@ Document your region-specific requirements, particularly for:
-  * Regions where Security Hub must remain disabled
+  * Regions where Security Hub CSPM must remain disabled
@@ -44 +44 @@ Implement regular monitoring practices to ensure your policies remain effective.
-When troubleshooting Security Hub policies, focus first on policy precedence and inheritance. Remember that disable configurations take precedence over enable configurations when regions appear in both lists. Check policy inheritance chains to understand how parent and child policies combine to create the effective policy for each account.
+When troubleshooting Security Hub CSPM policies, focus first on policy precedence and inheritance. Remember that disable configurations take precedence over enable configurations when regions appear in both lists. Check policy inheritance chains to understand how parent and child policies combine to create the effective policy for each account.
@@ -54 +54 @@ Getting started
-Security Hub policy syntax and examples
+Security Hub CSPM policy syntax and examples