AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2025-12-10 · Documentation low

File: prescriptive-guidance/latest/security-reference-architecture/value.md

Summary

Replaced 'AWS Security Hub' with 'AWS Security Hub CSPM' in service descriptions and architecture references

Security assessment

Changes clarify the use of CSPM capabilities within Security Hub but show no indicators of patching vulnerabilities or responding to incidents. The updates provide more precise documentation of existing security features without introducing new security content.

Diff

diff --git a/prescriptive-guidance/latest/security-reference-architecture/value.md b/prescriptive-guidance/latest/security-reference-architecture/value.md
index 6681d7608..3894670da 100644
--- a//prescriptive-guidance/latest/security-reference-architecture/value.md
+++ b//prescriptive-guidance/latest/security-reference-architecture/value.md
@@ -55 +55 @@ The AWS SRA infrastructure as code (IaC) modules provide a fast, reliable way to
-The guidance and discussions in the AWS SRA include important features as well as deployment and management considerations for individual AWS security and security-related services. One feature of the AWS SRA is that it provides a high-level introduction to the breadth of the AWS security services and how they work together in a multi-account environment. This complements the deep dive into the features and configuration for each service found in other sources. One example of this is the [discussion](./security-tooling.html#tool-security-hub) of how AWS Security Hub ingests security findings from a variety of AWS services, AWS Partner products, and even your own applications.
+The guidance and discussions in the AWS SRA include important features as well as deployment and management considerations for individual AWS security and security-related services. One feature of the AWS SRA is that it provides a high-level introduction to the breadth of the AWS security services and how they work together in a multi-account environment. This complements the deep dive into the features and configuration for each service found in other sources. One example of this is the [discussion](./security-tooling.html#tool-security-hub) of how AWS Security Hub CSPM ingests security findings from a variety of AWS services, AWS Partner products, and even your own applications.
@@ -74 +74 @@ Here are eight key takeaways from the AWS SRA to keep in mind as you design and
-  * Where possible (as detailed in later sections), make use of AWS services that can be deployed in every account (distributed instead of centralized) and build a consistent set of shared guardrails that can help protect your workloads from misuse and help reduce the impact of security events. The AWS SRA uses AWS Security Hub (centralized finding monitoring and compliance checks), Amazon GuardDuty (threat detection and anomaly detection), AWS Config (resource monitoring and change detection), IAM Access Analyzer (resource access monitoring, AWS CloudTrail (logging service API activity across your environment) and Amazon Macie (data classification) as a base set of AWS services to be deployed across every AWS account.
+  * Where possible (as detailed in later sections), make use of AWS services that can be deployed in every account (distributed instead of centralized) and build a consistent set of shared guardrails that can help protect your workloads from misuse and help reduce the impact of security events. The AWS SRA uses AWS Security Hub CSPM (centralized finding monitoring and compliance checks), Amazon GuardDuty (threat detection and anomaly detection), AWS Config (resource monitoring and change detection), IAM Access Analyzer (resource access monitoring, AWS CloudTrail (logging service API activity across your environment) and Amazon Macie (data classification) as a base set of AWS services to be deployed across every AWS account.