AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2025-12-10 · Documentation low

File: prescriptive-guidance/latest/aws-kms-best-practices/monitoring.md

Summary

Updated references from 'Security Hub' to 'Security Hub CSPM' in monitoring context and EventBridge integration

Security assessment

Specifies CSPM component for security controls and monitoring integrations but does not indicate remediation of a security flaw. Enhances documentation of security posture management features.

Diff

diff --git a/prescriptive-guidance/latest/aws-kms-best-practices/monitoring.md b/prescriptive-guidance/latest/aws-kms-best-practices/monitoring.md
index ff70c3cf5..5d7192eca 100644
--- a//prescriptive-guidance/latest/aws-kms-best-practices/monitoring.md
+++ b//prescriptive-guidance/latest/aws-kms-best-practices/monitoring.md
@@ -93 +93 @@ AWS Config lets you proactively check for compliance with AWS Config rules befor
-You can also implement AWS Config rules as controls through [AWS Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html). Security Hub offers security standards that you can apply to your AWS accounts. These standards help you assess your environment against recommend practices. The [AWS Foundational Security Best Practices](https://docs.aws.amazon.com/securityhub/latest/userguide/fsbp-standard.html) standard includes controls within the [protect control category](https://docs.aws.amazon.com/securityhub/latest/userguide/control-categories.html#control-category-protect) to verify that encryption at rest is configured and that KMS key policies follow recommended practices.
+You can also implement AWS Config rules as controls through [AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html). Security Hub CSPM offers security standards that you can apply to your AWS accounts. These standards help you assess your environment against recommend practices. The [AWS Foundational Security Best Practices](https://docs.aws.amazon.com/securityhub/latest/userguide/fsbp-standard.html) standard includes controls within the [protect control category](https://docs.aws.amazon.com/securityhub/latest/userguide/control-categories.html#control-category-protect) to verify that encryption at rest is configured and that KMS key policies follow recommended practices.
@@ -118 +118 @@ CloudWatch alarms help you take corrective action, such as cancelling key deleti
-You can also use [Amazon EventBridge](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-what-is.html) to notify you of important events that affect your KMS keys. EventBridge is an AWS service that delivers a near real-time stream of system events that describe changes to AWS resources. EventBridge automatically receives events from CloudTrail and Security Hub. In EventBridge, you can create rules that respond to events recorded by CloudTrail.
+You can also use [Amazon EventBridge](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-what-is.html) to notify you of important events that affect your KMS keys. EventBridge is an AWS service that delivers a near real-time stream of system events that describe changes to AWS resources. EventBridge automatically receives events from CloudTrail and Security Hub CSPM. In EventBridge, you can create rules that respond to events recorded by CloudTrail.