AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2025-12-10 · Documentation low

File: prescriptive-guidance/latest/ou-structure-landing-zone/phase-1.md

Summary

Added 'CSPM' to AWS Security Hub reference in security account context

Security assessment

Clarifies use of Security Hub's CSPM feature in audit account architecture, improving security service documentation without indicating vulnerability remediation

Diff

diff --git a/prescriptive-guidance/latest/ou-structure-landing-zone/phase-1.md b/prescriptive-guidance/latest/ou-structure-landing-zone/phase-1.md
index e9375e007..5b2aefa81 100644
--- a//prescriptive-guidance/latest/ou-structure-landing-zone/phase-1.md
+++ b//prescriptive-guidance/latest/ou-structure-landing-zone/phase-1.md
@@ -19 +19 @@ The following diagram shows the initial OU architecture.
-The Security OU broadly groups AWS accounts related to security functionality together and uses two accounts (Audit and Log Archive) to store security operational data for central logging and auditing access to the environment. AWS core security services such as Amazon GuardDuty and AWS Security Hub reside in the Audit account.
+The Security OU broadly groups AWS accounts related to security functionality together and uses two accounts (Audit and Log Archive) to store security operational data for central logging and auditing access to the environment. AWS core security services such as Amazon GuardDuty and AWS Security Hub CSPM reside in the Audit account.