AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2025-12-10 · Documentation low

File: prescriptive-guidance/latest/vulnerability-management/assess-and-prioritize-security-findings.md

Summary

Updated references from 'Security Hub' to 'Security Hub CSPM' throughout the document, including in service listings and automation rules descriptions

Security assessment

The changes involve terminology updates (Security Hub → Security Hub CSPM) without introducing new security content or addressing vulnerabilities. No evidence of security fixes, incident response, or vulnerability disclosures exists in the diff.

Diff

diff --git a/prescriptive-guidance/latest/vulnerability-management/assess-and-prioritize-security-findings.md b/prescriptive-guidance/latest/vulnerability-management/assess-and-prioritize-security-findings.md
index 91bfd10a8..9365a5f24 100644
--- a//prescriptive-guidance/latest/vulnerability-management/assess-and-prioritize-security-findings.md
+++ b//prescriptive-guidance/latest/vulnerability-management/assess-and-prioritize-security-findings.md
@@ -9 +9 @@ A critical component of an effective vulnerability management program is the abi
-For Amazon Inspector, AWS Security Hub, and Amazon GuardDuty, findings contain a severity label or score. We recommend prioritizing the investigation of all critical and high severity findings in Security Hub, including findings related to the Foundational Security Best Practices (FSBP) standard, Amazon Inspector, and GuardDuty. Finding severity labels are scores are determined as follows:
+For Amazon Inspector, AWS Security Hub CSPM, and Amazon GuardDuty, findings contain a severity label or score. We recommend prioritizing the investigation of all critical and high severity findings in Security Hub CSPM, including findings related to the Foundational Security Best Practices (FSBP) standard, Amazon Inspector, and GuardDuty. Finding severity labels are scores are determined as follows:
@@ -15 +15 @@ For Amazon Inspector, AWS Security Hub, and Amazon GuardDuty, findings contain a
-  * The [severity of an Security Hub control finding](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-control-details.html#control-findings-severity) is determined by the difficulty to exploit and the likelihood of compromise. The difficulty is determined by the amount of sophistication or complexity that is required to use the weakness to carry out a threat scenario. The likelihood of compromise indicates how likely it is that the threat scenario will result in a disruption or breach of your AWS services or resources.
+  * The [severity of an Security Hub CSPM control finding](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-control-details.html#control-findings-severity) is determined by the difficulty to exploit and the likelihood of compromise. The difficulty is determined by the amount of sophistication or complexity that is required to use the weakness to carry out a threat scenario. The likelihood of compromise indicates how likely it is that the threat scenario will result in a disruption or breach of your AWS services or resources.
@@ -20 +20 @@ For Amazon Inspector, AWS Security Hub, and Amazon GuardDuty, findings contain a
-In order to tune findings, you can suppress or archive specific findings directly in the respective service console or by using the service's API. In addition, you can make changes to findings in Security Hub by using [automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html). GuardDuty and Amazon Inspector findings are automatically sent to Security Hub. You can use automation rules to automatically update (such as changing the severity) or suppress findings in near real-time, based on criteria that you define. As you create automation rules, we recommend adding context to the rule description, such as the date of creation or modification, who created it, and why the rule is needed. This information is often helpful for future reference.
+In order to tune findings, you can suppress or archive specific findings directly in the respective service console or by using the service's API. In addition, you can make changes to findings in Security Hub CSPM by using [automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html). GuardDuty and Amazon Inspector findings are automatically sent to Security Hub CSPM. You can use automation rules to automatically update (such as changing the severity) or suppress findings in near real-time, based on criteria that you define. As you create automation rules, we recommend adding context to the rule description, such as the date of creation or modification, who created it, and why the rule is needed. This information is often helpful for future reference.