AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2025-12-10 · Documentation low

File: prescriptive-guidance/latest/secure-architecture-dod/vdms.md

Summary

Updated references from 'AWS Security Hub' to 'AWS Security Hub CSPM' in two security requirement entries (2.1.3.1 and 2.1.3.7)

Security assessment

The change specifies CSPM (Cloud Security Posture Management) capabilities of Security Hub but doesn't address any vulnerability. It enhances documentation of security features by clarifying the CSPM functionality used for compliance monitoring.

Diff

diff --git a/prescriptive-guidance/latest/secure-architecture-dod/vdms.md b/prescriptive-guidance/latest/secure-architecture-dod/vdms.md
index b74a8006c..82848e8f0 100644
--- a//prescriptive-guidance/latest/secure-architecture-dod/vdms.md
+++ b//prescriptive-guidance/latest/secure-architecture-dod/vdms.md
@@ -15 +15 @@ ID | VDMS security requirement | AWS technologies | Additional resources | Cover
-2.1.3.1 | The VDMS shall provide Assured Compliance Assessment Solution (ACAS), or approved equivalent, to conduct continuous monitoring for all enclaves within the CSE. | [AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/WhatIsConfig.html)[AWS Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html)[AWS Audit Manager](https://docs.aws.amazon.com/audit-manager/latest/userguide/what-is.html)[Amazon Inspector](https://docs.aws.amazon.com/inspector/latest/user/what-is-inspector.html) | [Vulnerability scanning with Amazon Inspector](https://catalog.us-east-1.prod.workshops.aws/secure-windows/en-US/vulnerability-management/inspector) | Partially covered  
+2.1.3.1 | The VDMS shall provide Assured Compliance Assessment Solution (ACAS), or approved equivalent, to conduct continuous monitoring for all enclaves within the CSE. | [AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/WhatIsConfig.html)[AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html)[AWS Audit Manager](https://docs.aws.amazon.com/audit-manager/latest/userguide/what-is.html)[Amazon Inspector](https://docs.aws.amazon.com/inspector/latest/user/what-is-inspector.html) | [Vulnerability scanning with Amazon Inspector](https://catalog.us-east-1.prod.workshops.aws/secure-windows/en-US/vulnerability-management/inspector) | Partially covered  
@@ -21 +21 @@ ID | VDMS security requirement | AWS technologies | Additional resources | Cover
-2.1.3.7 | The VDMS shall provide a system, security, application, and user activity event logging and archiving system for common collection, storage, and access to event logs by privileged users performing BCP and MCP activities. | [AWS Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html)[AWS CloudTrail](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html)[Amazon CloudWatch Logs](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html)[Amazon Simple Storage Service (Amazon S3)](https://docs.aws.amazon.com/AmazonS3/latest/userguide/Welcome.html) | [Centralized Logging with OpenSearch](https://aws.amazon.com/solutions/implementations/centralized-logging-with-opensearch/) | Covered  
+2.1.3.7 | The VDMS shall provide a system, security, application, and user activity event logging and archiving system for common collection, storage, and access to event logs by privileged users performing BCP and MCP activities. | [AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html)[AWS CloudTrail](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html)[Amazon CloudWatch Logs](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html)[Amazon Simple Storage Service (Amazon S3)](https://docs.aws.amazon.com/AmazonS3/latest/userguide/Welcome.html) | [Centralized Logging with OpenSearch](https://aws.amazon.com/solutions/implementations/centralized-logging-with-opensearch/) | Covered