AWS prescriptive-guidance documentation change
Summary
Updated references from 'Security Hub documentation' to 'Security Hub CSPM documentation' for multiple controls including EBS snapshots, RDS, DMS, S3, OpenSearch, KMS, and ELB security recommendations.
Security assessment
Changes only update terminology to specify CSPM (Cloud Security Posture Management) without altering security recommendations or addressing vulnerabilities. No evidence of security incidents or vulnerability fixes.
Diff
diff --git a/prescriptive-guidance/latest/security-controls-by-caf-capability/data-controls.md b/prescriptive-guidance/latest/security-controls-by-caf-capability/data-controls.md index dfe5b97e0..dff4c5ad2 100644 --- a//prescriptive-guidance/latest/security-controls-by-caf-capability/data-controls.md +++ b//prescriptive-guidance/latest/security-controls-by-caf-capability/data-controls.md @@ -132 +132 @@ For more information, see the following resources: - * [Amazon EBS snapshots should not be publicly restorable](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-1) in the AWS Security Hub documentation + * [Amazon EBS snapshots should not be publicly restorable](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-1) in the AWS Security Hub CSPM documentation @@ -151 +151 @@ For more information, see the following resources: - * [RDS snapshot should be private](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-1) in the Security Hub documentation + * [RDS snapshot should be private](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-1) in the Security Hub CSPM documentation @@ -160 +160 @@ You can configure Amazon RDS DB instances, Amazon Redshift clusters, and AWS Dat -We recommend that you enable AWS Config rules or Security Hub controls to detect whether Amazon RDS DB instances, AWS DMS replication instances, or Amazon Redshift clusters allow public access. +We recommend that you enable AWS Config rules or Security Hub CSPM controls to detect whether Amazon RDS DB instances, AWS DMS replication instances, or Amazon Redshift clusters allow public access. @@ -168 +168 @@ For more information, see the following resources: - * [AWS DMS replication instances should not be public](https://docs.aws.amazon.com/securityhub/latest/userguide/dms-controls.html#dms-1) in the Security Hub documentation + * [AWS DMS replication instances should not be public](https://docs.aws.amazon.com/securityhub/latest/userguide/dms-controls.html#dms-1) in the Security Hub CSPM documentation @@ -170 +170 @@ For more information, see the following resources: - * [RDS DB Instances should prohibit public access](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-2) in the Security Hub documentation + * [RDS DB Instances should prohibit public access](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-2) in the Security Hub CSPM documentation @@ -172 +172 @@ For more information, see the following resources: - * [Amazon Redshift clusters should prohibit public access](https://docs.aws.amazon.com/securityhub/latest/userguide/redshift-controls.html#redshift-1) in the Security Hub documentation + * [Amazon Redshift clusters should prohibit public access](https://docs.aws.amazon.com/securityhub/latest/userguide/redshift-controls.html#redshift-1) in the Security Hub CSPM documentation @@ -189 +189 @@ For more information, see the following resources: -It's an Amazon S3 security best practice to ensure that your buckets are not publicly accessible. Unless you explicitly require anyone on the internet to be able to read or write to your bucket, make sure that your bucket is not public. This helps protect the integrity and security of the data. You can use AWS Config rules and Security Hub controls to confirm that your Amazon S3 buckets are compliant with this best practice. +It's an Amazon S3 security best practice to ensure that your buckets are not publicly accessible. Unless you explicitly require anyone on the internet to be able to read or write to your bucket, make sure that your bucket is not public. This helps protect the integrity and security of the data. You can use AWS Config rules and Security Hub CSPM controls to confirm that your Amazon S3 buckets are compliant with this best practice. @@ -195 +195 @@ For more information, see the following resources: - * [S3 Block Public Access setting should be enabled](https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-1) in the Security Hub documentation + * [S3 Block Public Access setting should be enabled](https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-1) in the Security Hub CSPM documentation @@ -197 +197 @@ For more information, see the following resources: - * [S3 buckets should prohibit public read access](https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-2) in the Security Hub documentation + * [S3 buckets should prohibit public read access](https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-2) in the Security Hub CSPM documentation @@ -199 +199 @@ For more information, see the following resources: - * [S3 buckets should prohibit public write access](https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-3) in the Security Hub documentation + * [S3 buckets should prohibit public write access](https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-3) in the Security Hub CSPM documentation @@ -229 +229 @@ For more information, see the following resources: - * [OpenSearch domains should be in a VPC](https://docs.aws.amazon.com/securityhub/latest/userguide/opensearch-controls.html#opensearch-2) in the Security Hub documentation + * [OpenSearch domains should be in a VPC](https://docs.aws.amazon.com/securityhub/latest/userguide/opensearch-controls.html#opensearch-2) in the Security Hub CSPM documentation @@ -246 +246 @@ For more information, see the following resources: - * [AWS KMS keys should not be deleted unintentionally](https://docs.aws.amazon.com/securityhub/latest/userguide/kms-controls.html#kms-3) in the Security Hub documentation + * [AWS KMS keys should not be deleted unintentionally](https://docs.aws.amazon.com/securityhub/latest/userguide/kms-controls.html#kms-3) in the Security Hub CSPM documentation @@ -293 +293 @@ For more information, see the following resources: - * [Classic Load Balancer listeners should be configured with HTTPS or TLS termination](https://docs.aws.amazon.com/securityhub/latest/userguide/elb-controls.html#elb-3) in the Security Hub documentation + * [Classic Load Balancer listeners should be configured with HTTPS or TLS termination](https://docs.aws.amazon.com/securityhub/latest/userguide/elb-controls.html#elb-3) in the Security Hub CSPM documentation @@ -295 +295 @@ For more information, see the following resources: - * [Application Load Balancer should be configured to redirect all HTTP requests to HTTPS](https://docs.aws.amazon.com/securityhub/latest/userguide/elb-controls.html#elb-1) in the Security Hub documentation + * [Application Load Balancer should be configured to redirect all HTTP requests to HTTPS](https://docs.aws.amazon.com/securityhub/latest/userguide/elb-controls.html#elb-1) in the Security Hub CSPM documentation