AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2025-12-10 · Documentation low

File: prescriptive-guidance/latest/security-controls-by-caf-capability/infrastructure-controls.md

Summary

Updated references from 'Security Hub' to 'Security Hub CSPM' in Lambda and EC2 security control sections, and in Amazon Inspector integration description.

Security assessment

The changes only rebrand Security Hub to Security Hub CSPM without altering security guidance or addressing vulnerabilities. No security weaknesses or incidents are mentioned in the diff.

Diff

diff --git a/prescriptive-guidance/latest/security-controls-by-caf-capability/infrastructure-controls.md b/prescriptive-guidance/latest/security-controls-by-caf-capability/infrastructure-controls.md
index 55d81d3ec..dd20f33b1 100644
--- a//prescriptive-guidance/latest/security-controls-by-caf-capability/infrastructure-controls.md
+++ b//prescriptive-guidance/latest/security-controls-by-caf-capability/infrastructure-controls.md
@@ -115 +115 @@ We recommend that you configure [resource-based policies](https://docs.aws.amazo
-We also recommend that you enable the **[Lambda.1] Lambda function policies should prohibit public access** control in AWS Security Hub. This control validates that resource-based policies for Lambda functions prohibit public access.
+We also recommend that you enable the **[Lambda.1] Lambda function policies should prohibit public access** control in AWS Security Hub CSPM. This control validates that resource-based policies for Lambda functions prohibit public access.
@@ -119 +119 @@ For more information, see the following resources:
-  * [AWS Lambda controls](https://docs.aws.amazon.com/securityhub/latest/userguide/lambda-controls.html) in the Security Hub documentation
+  * [AWS Lambda controls](https://docs.aws.amazon.com/securityhub/latest/userguide/lambda-controls.html) in the Security Hub CSPM documentation
@@ -136 +136 @@ Because the default security group can't be deleted, we recommend that you chang
-We also recommend that you enable the **[EC2.2] VPC default security groups should not allow inbound or outbound traffic** control in Security Hub. This control validates that the default security group of a VPC denies inbound and outbound traffic.
+We also recommend that you enable the **[EC2.2] VPC default security groups should not allow inbound or outbound traffic** control in Security Hub CSPM. This control validates that the default security group of a VPC denies inbound and outbound traffic.
@@ -144 +144 @@ For more information, see the following resources:
-  * [Amazon EC2 controls](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-2) in the Security Hub documentation
+  * [Amazon EC2 controls](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-2) in the Security Hub CSPM documentation
@@ -151 +151 @@ For more information, see the following resources:
-We recommend that you enable Amazon Inspector in all of your accounts. [Amazon Inspector](https://docs.aws.amazon.com/inspector/latest/user/what-is-inspector.html) is a vulnerability management service that continually scans your Amazon EC2 instances, Amazon Elastic Container Registry (Amazon ECR) container images, and Lambda functions for software vulnerabilities and unintended network exposure. It also supports deep inspection of Amazon EC2 instances. When Amazon Inspector identifies a vulnerability or an open network path, it produces a finding that you can investigate. If Amazon Inspector and Security Hub are both set up in your account, then Amazon Inspector automatically sends security findings to Security Hub for centralized management.
+We recommend that you enable Amazon Inspector in all of your accounts. [Amazon Inspector](https://docs.aws.amazon.com/inspector/latest/user/what-is-inspector.html) is a vulnerability management service that continually scans your Amazon EC2 instances, Amazon Elastic Container Registry (Amazon ECR) container images, and Lambda functions for software vulnerabilities and unintended network exposure. It also supports deep inspection of Amazon EC2 instances. When Amazon Inspector identifies a vulnerability or an open network path, it produces a finding that you can investigate. If Amazon Inspector and Security Hub CSPM are both set up in your account, then Amazon Inspector automatically sends security findings to Security Hub CSPM for centralized management.