AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2025-12-10 · Documentation low

File: prescriptive-guidance/latest/privacy-reference-architecture/org-management-account.md

Summary

Updated AWS Control Tower integration reference to specify AWS Security Hub CSPM

Security assessment

Clarifies use of CSPM for monitoring configuration drift. Enhances documentation of security features without addressing specific security issues.

Diff

diff --git a/prescriptive-guidance/latest/privacy-reference-architecture/org-management-account.md b/prescriptive-guidance/latest/privacy-reference-architecture/org-management-account.md
index 9552429c4..fba55982a 100644
--- a//prescriptive-guidance/latest/privacy-reference-architecture/org-management-account.md
+++ b//prescriptive-guidance/latest/privacy-reference-architecture/org-management-account.md
@@ -53 +53 @@ If you need to deploy privacy guardrails beyond data residency and sovereignty c
-AWS Control Tower is also integrated with AWS Security Hub to provide detective controls. These controls are known as [Service-Managed Standard: AWS Control Tower](https://docs.aws.amazon.com/securityhub/latest/userguide/service-managed-standard-aws-control-tower.html). You can use these controls to monitor for configuration drift of privacy-supporting controls, such as encryption at rest for Amazon Relational Database Service (Amazon RDS) database instances.
+AWS Control Tower is also integrated with AWS Security Hub CSPM to provide detective controls. These controls are known as [Service-Managed Standard: AWS Control Tower](https://docs.aws.amazon.com/securityhub/latest/userguide/service-managed-standard-aws-control-tower.html). You can use these controls to monitor for configuration drift of privacy-supporting controls, such as encryption at rest for Amazon Relational Database Service (Amazon RDS) database instances.