AWS prescriptive-guidance documentation change
Summary
Updated references from 'AWS Security Hub' to 'AWS Security Hub CSPM' in two security requirement entries (2.1.3.1 and 2.1.3.7)
Security assessment
The change specifies CSPM (Cloud Security Posture Management) capabilities of Security Hub but doesn't address any vulnerability. It enhances documentation of security features by clarifying the CSPM functionality used for compliance monitoring.
Diff
diff --git a/prescriptive-guidance/latest/secure-architecture-dod/vdms.md b/prescriptive-guidance/latest/secure-architecture-dod/vdms.md index b74a8006c..82848e8f0 100644 --- a//prescriptive-guidance/latest/secure-architecture-dod/vdms.md +++ b//prescriptive-guidance/latest/secure-architecture-dod/vdms.md @@ -15 +15 @@ ID | VDMS security requirement | AWS technologies | Additional resources | Cover -2.1.3.1 | The VDMS shall provide Assured Compliance Assessment Solution (ACAS), or approved equivalent, to conduct continuous monitoring for all enclaves within the CSE. | [AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/WhatIsConfig.html)[AWS Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html)[AWS Audit Manager](https://docs.aws.amazon.com/audit-manager/latest/userguide/what-is.html)[Amazon Inspector](https://docs.aws.amazon.com/inspector/latest/user/what-is-inspector.html) | [Vulnerability scanning with Amazon Inspector](https://catalog.us-east-1.prod.workshops.aws/secure-windows/en-US/vulnerability-management/inspector) | Partially covered +2.1.3.1 | The VDMS shall provide Assured Compliance Assessment Solution (ACAS), or approved equivalent, to conduct continuous monitoring for all enclaves within the CSE. | [AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/WhatIsConfig.html)[AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html)[AWS Audit Manager](https://docs.aws.amazon.com/audit-manager/latest/userguide/what-is.html)[Amazon Inspector](https://docs.aws.amazon.com/inspector/latest/user/what-is-inspector.html) | [Vulnerability scanning with Amazon Inspector](https://catalog.us-east-1.prod.workshops.aws/secure-windows/en-US/vulnerability-management/inspector) | Partially covered @@ -21 +21 @@ ID | VDMS security requirement | AWS technologies | Additional resources | Cover -2.1.3.7 | The VDMS shall provide a system, security, application, and user activity event logging and archiving system for common collection, storage, and access to event logs by privileged users performing BCP and MCP activities. | [AWS Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html)[AWS CloudTrail](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html)[Amazon CloudWatch Logs](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html)[Amazon Simple Storage Service (Amazon S3)](https://docs.aws.amazon.com/AmazonS3/latest/userguide/Welcome.html) | [Centralized Logging with OpenSearch](https://aws.amazon.com/solutions/implementations/centralized-logging-with-opensearch/) | Covered +2.1.3.7 | The VDMS shall provide a system, security, application, and user activity event logging and archiving system for common collection, storage, and access to event logs by privileged users performing BCP and MCP activities. | [AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html)[AWS CloudTrail](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html)[Amazon CloudWatch Logs](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html)[Amazon Simple Storage Service (Amazon S3)](https://docs.aws.amazon.com/AmazonS3/latest/userguide/Welcome.html) | [Centralized Logging with OpenSearch](https://aws.amazon.com/solutions/implementations/centralized-logging-with-opensearch/) | Covered