AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2025-12-10 · Documentation low

File: prescriptive-guidance/latest/essential-eight-maturity/restrict-administrative-privileges.md

Summary

Updated Security Hub reference to 'Security Hub CSPM' in privileged access logging section

Security assessment

The change emphasizes CSPM integration but lacks evidence of addressing a specific security incident. It enhances documentation about security monitoring capabilities.

Diff

diff --git a/prescriptive-guidance/latest/essential-eight-maturity/restrict-administrative-privileges.md b/prescriptive-guidance/latest/essential-eight-maturity/restrict-administrative-privileges.md
index d521223ac..af855087e 100644
--- a//prescriptive-guidance/latest/essential-eight-maturity/restrict-administrative-privileges.md
+++ b//prescriptive-guidance/latest/essential-eight-maturity/restrict-administrative-privileges.md
@@ -23 +23 @@ Windows Defender Credential Guard and Windows Defender Remote Credential Guard a
-Use of privileged access is centrally logged and protected from unauthorised modification and deletion, monitored for signs of compromise, and actioned when cyber security events are detected. | [Theme 7: Centralise logging and monitoring](./theme-7.html): Enable logging[Theme 7: Centralise logging and monitoring](./theme-7.html): Centralise logs | [Use CloudWatch Agent to publish OS-level logs to CloudWatch Logs](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Install-CloudWatch-Agent.html)[Enable CloudTrail for your organization](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-trail-organization.html)[Centralise CloudWatch Logs in an account for auditing and analysis](https://aws.amazon.com/blogs/architecture/stream-amazon-cloudwatch-logs-to-a-centralized-account-for-audit-and-analysis/) (AWS blog post)[Centralize management of Amazon Inspector](https://docs.aws.amazon.com/inspector/latest/user/managing-multiple-accounts.html)[Centralise management of Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/designate-orgs-admin-account.html)[Create an organisation-wide aggregator in AWS Config](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-trail-organization.html) (AWS blog post)[Centralise management of GuardDuty](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_organizations.html)[Consider using Amazon Security Lake](https://docs.aws.amazon.com/security-lake/latest/userguide/what-is-security-lake.html)[Receive CloudTrail logs from multiple accounts](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-receive-logs-from-multiple-accounts.html)[Send logs to a log archive account](https://docs.aws.amazon.com/whitepapers/latest/organizing-your-aws-environment/security-ou-and-accounts.html#log-archive-account) | [SEC04-BP01 Configure service and application logging](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_detect_investigate_events_app_service_logging.html)[SEC04-BP02 Capture logs, findings, and metrics in standardized locations](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_detect_investigate_events_logs.html)  
+Use of privileged access is centrally logged and protected from unauthorised modification and deletion, monitored for signs of compromise, and actioned when cyber security events are detected. | [Theme 7: Centralise logging and monitoring](./theme-7.html): Enable logging[Theme 7: Centralise logging and monitoring](./theme-7.html): Centralise logs | [Use CloudWatch Agent to publish OS-level logs to CloudWatch Logs](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Install-CloudWatch-Agent.html)[Enable CloudTrail for your organization](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-trail-organization.html)[Centralise CloudWatch Logs in an account for auditing and analysis](https://aws.amazon.com/blogs/architecture/stream-amazon-cloudwatch-logs-to-a-centralized-account-for-audit-and-analysis/) (AWS blog post)[Centralize management of Amazon Inspector](https://docs.aws.amazon.com/inspector/latest/user/managing-multiple-accounts.html)[Centralise management of Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/designate-orgs-admin-account.html)[Create an organisation-wide aggregator in AWS Config](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-trail-organization.html) (AWS blog post)[Centralise management of GuardDuty](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_organizations.html)[Consider using Amazon Security Lake](https://docs.aws.amazon.com/security-lake/latest/userguide/what-is-security-lake.html)[Receive CloudTrail logs from multiple accounts](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-receive-logs-from-multiple-accounts.html)[Send logs to a log archive account](https://docs.aws.amazon.com/whitepapers/latest/organizing-your-aws-environment/security-ou-and-accounts.html#log-archive-account) | [SEC04-BP01 Configure service and application logging](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_detect_investigate_events_app_service_logging.html)[SEC04-BP02 Capture logs, findings, and metrics in standardized locations](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_detect_investigate_events_logs.html)