AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2025-12-10 · Documentation low

File: prescriptive-guidance/latest/vulnerability-management/aws-security-hub.md

Summary

Renamed 'AWS Security Hub' to 'AWS Security Hub CSPM' throughout the document, including titles, section headers, and content references. Updated links and terminology to reflect the new naming convention.

Security assessment

The changes are purely terminological, replacing 'Security Hub' with 'Security Hub CSPM' without introducing new security concepts, addressing vulnerabilities, or modifying security recommendations. No evidence of security vulnerability fixes or incident response.

Diff

diff --git a/prescriptive-guidance/latest/vulnerability-management/aws-security-hub.md b/prescriptive-guidance/latest/vulnerability-management/aws-security-hub.md
index 2e4169b3d..3e2c9e3f7 100644
--- a//prescriptive-guidance/latest/vulnerability-management/aws-security-hub.md
+++ b//prescriptive-guidance/latest/vulnerability-management/aws-security-hub.md
@@ -5 +5 @@
-Setting up Security HubEnabling Security Hub standardsManaging Security Hub findingsAggregating findings
+Setting up Security Hub CSPMEnabling Security Hub CSPM standardsManaging Security Hub CSPM findingsAggregating findings
@@ -7 +7 @@ Setting up Security HubEnabling Security Hub standardsManaging Security Hub find
-# Using AWS Security Hub in your vulnerability managment program
+# Using AWS Security Hub CSPM in your vulnerability managment program
@@ -9 +9 @@ Setting up Security HubEnabling Security Hub standardsManaging Security Hub find
-Building a scalable vulnerability management program on AWS involves managing traditional software and network vulnerabilities in addition to cloud configuration risks. [AWS Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) helps you check your AWS environment against security industry standards and can identify cloud configuration risks. Security Hub also provides a comprehensive view of your security state in AWS by aggregating security findings from other AWS security services and third-party security tools.
+Building a scalable vulnerability management program on AWS involves managing traditional software and network vulnerabilities in addition to cloud configuration risks. [AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) helps you check your AWS environment against security industry standards and can identify cloud configuration risks. Security Hub CSPM also provides a comprehensive view of your security state in AWS by aggregating security findings from other AWS security services and third-party security tools.
@@ -11 +11 @@ Building a scalable vulnerability management program on AWS involves managing tr
-In the following sections, we provide best practices and recommendations for setting up Security Hub to support your vulnerability management program:
+In the following sections, we provide best practices and recommendations for setting up Security Hub CSPM to support your vulnerability management program:
@@ -13 +13 @@ In the following sections, we provide best practices and recommendations for set
-  * Setting up Security Hub
+  * Setting up Security Hub CSPM
@@ -15 +15 @@ In the following sections, we provide best practices and recommendations for set
-  * Enabling Security Hub standards
+  * Enabling Security Hub CSPM standards
@@ -17 +17 @@ In the following sections, we provide best practices and recommendations for set
-  * Managing Security Hub findings
+  * Managing Security Hub CSPM findings
@@ -24 +24 @@ In the following sections, we provide best practices and recommendations for set
-## Setting up Security Hub
+## Setting up Security Hub CSPM
@@ -26 +26 @@ In the following sections, we provide best practices and recommendations for set
-For setup instructions, see [Setting up AWS Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-settingup.html). To use Security Hub, you must enable [AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/WhatIsConfig.html). For more information, see [Enabling and configuring AWS Config](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-prereq-config.html) in the Security Hub documentation.
+For setup instructions, see [Setting up AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-settingup.html). To use Security Hub CSPM, you must enable [AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/WhatIsConfig.html). For more information, see [Enabling and configuring AWS Config](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-prereq-config.html) in the Security Hub CSPM documentation.
@@ -28 +28 @@ For setup instructions, see [Setting up AWS Security Hub](https://docs.aws.amazo
-If you are integrated with AWS Organizations, from the organization management account, you designate an account to be the Security Hub delegated administrator. For instructions, see [Designating the Security Hub delegated administrator](https://docs.aws.amazon.com/securityhub/latest/userguide/designate-orgs-admin-account.html#designate-admin-overview). The AWS SRA recommends that you create a [Security Tooling account](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/security-tooling.html) and use it as the Security Hub delegated administrator.
+If you are integrated with AWS Organizations, from the organization management account, you designate an account to be the Security Hub CSPM delegated administrator. For instructions, see [Designating the Security Hub CSPM delegated administrator](https://docs.aws.amazon.com/securityhub/latest/userguide/designate-orgs-admin-account.html#designate-admin-overview). The AWS SRA recommends that you create a [Security Tooling account](https://docs.aws.amazon.com/prescriptive-guidance/latest/security-reference-architecture/security-tooling.html) and use it as the Security Hub CSPM delegated administrator.
@@ -30 +30 @@ If you are integrated with AWS Organizations, from the organization management a
-The delegated administrator automatically has access to configure Security Hub for all member accounts in the organization and to view findings associated with those accounts. We recommend that you enable AWS ConfigSecurity Hub in all AWS Regions and all of your AWS accounts. You can configure Security Hub to automatically treat new organization accounts as Security Hub member accounts. For instructions, see [Managing member accounts that belong to an organization](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-accounts-orgs.html).
+The delegated administrator automatically has access to configure Security Hub CSPM for all member accounts in the organization and to view findings associated with those accounts. We recommend that you enable AWS ConfigSecurity Hub CSPM in all AWS Regions and all of your AWS accounts. You can configure Security Hub CSPM to automatically treat new organization accounts as Security Hub CSPM member accounts. For instructions, see [Managing member accounts that belong to an organization](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-accounts-orgs.html).
@@ -32 +32 @@ The delegated administrator automatically has access to configure Security Hub f
-## Enabling Security Hub standards
+## Enabling Security Hub CSPM standards
@@ -34 +34 @@ The delegated administrator automatically has access to configure Security Hub f
-Security Hub generates findings by running automated and continuous security checks against _security controls_. The controls are associated with one or more _security standards_. The controls help you determine whether the requirements in a standard are being met.
+Security Hub CSPM generates findings by running automated and continuous security checks against _security controls_. The controls are associated with one or more _security standards_. The controls help you determine whether the requirements in a standard are being met.
@@ -36 +36 @@ Security Hub generates findings by running automated and continuous security che
-When you enable a standard in Security Hub, Security Hub automatically enables the controls that apply to the standard. Security Hub uses AWS Config [rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html) to perform most of its security checks for controls. You can enable or disable Security Hub standards at any time. For more information, see [Security controls and standards in AWS Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards.html). For a complete list of standards, see [Security Hub standards reference](https://docs.aws.amazon.com/securityhub/latest/userguide/standards-reference.html).
+When you enable a standard in Security Hub CSPM, Security Hub CSPM automatically enables the controls that apply to the standard. Security Hub CSPM uses AWS Config [rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html) to perform most of its security checks for controls. You can enable or disable Security Hub CSPM standards at any time. For more information, see [Security controls and standards in AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards.html). For a complete list of standards, see [Security Hub CSPM standards reference](https://docs.aws.amazon.com/securityhub/latest/userguide/standards-reference.html).
@@ -40 +40 @@ If your organization does not already have a preferred security standard, we rec
-## Managing Security Hub findings
+## Managing Security Hub CSPM findings
@@ -42 +42 @@ If your organization does not already have a preferred security standard, we rec
-Security Hub provides several features that help you address large volumes of findings from across your organization and understand the security state of your AWS environment. To help you manage findings, we recommend enabling the following two Security Hub features:
+Security Hub CSPM provides several features that help you address large volumes of findings from across your organization and understand the security state of your AWS environment. To help you manage findings, we recommend enabling the following two Security Hub CSPM features:
@@ -46 +46 @@ Security Hub provides several features that help you address large volumes of fi
-  * Use [consolidated control findings](https://docs.aws.amazon.com/securityhub/latest/userguide/controls-findings-create-update.html#consolidated-control-findings) to reduce finding noise by removing duplicate findings. When consolidated control findings is turned on in your account, Security Hub generates a single new finding or finding update for each security check of a control, even if a control applies to multiple enabled standards.
+  * Use [consolidated control findings](https://docs.aws.amazon.com/securityhub/latest/userguide/controls-findings-create-update.html#consolidated-control-findings) to reduce finding noise by removing duplicate findings. When consolidated control findings is turned on in your account, Security Hub CSPM generates a single new finding or finding update for each security check of a control, even if a control applies to multiple enabled standards.
@@ -53 +53 @@ Security Hub provides several features that help you address large volumes of fi
-In addition to generating security findings, you can use Security Hub to aggregate finding data from several AWS services and supported third-party security solutions. This section focuses on sending security findings to Security Hub. The next section, [Prepare to assign security findings](./prepare-finding-assignments.html), discusses how you can integrate Security Hub with products that can receive findings from Security Hub.
+In addition to generating security findings, you can use Security Hub CSPM to aggregate finding data from several AWS services and supported third-party security solutions. This section focuses on sending security findings to Security Hub CSPM. The next section, [Prepare to assign security findings](./prepare-finding-assignments.html), discusses how you can integrate Security Hub CSPM with products that can receive findings from Security Hub CSPM.
@@ -55 +55 @@ In addition to generating security findings, you can use Security Hub to aggrega
-There are many AWS services, third-party products, and open-source solutions available that you can integrate with Security Hub. If you are just getting started, we recommend doing the following:
+There are many AWS services, third-party products, and open-source solutions available that you can integrate with Security Hub CSPM. If you are just getting started, we recommend doing the following:
@@ -57 +57 @@ There are many AWS services, third-party products, and open-source solutions ava
-  1. **Enable integrated AWS services** – Most AWS service integrations that send findings to Security Hub are automatically activated after you enable both Security Hub and the integrated service. For your vulnerability management program, we recommend enabling Amazon Inspector, Amazon GuardDuty, AWS Health, and IAM Access Analyzer in each account. These services automatically send their findings to Security Hub. For a complete list of supported AWS service integrations, see [AWS services that send findings to Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-internal-providers.html).
+  1. **Enable integrated AWS services** – Most AWS service integrations that send findings to Security Hub CSPM are automatically activated after you enable both Security Hub CSPM and the integrated service. For your vulnerability management program, we recommend enabling Amazon Inspector, Amazon GuardDuty, AWS Health, and IAM Access Analyzer in each account. These services automatically send their findings to Security Hub CSPM. For a complete list of supported AWS service integrations, see [AWS services that send findings to Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-internal-providers.html).
@@ -61 +61 @@ There are many AWS services, third-party products, and open-source solutions ava
-AWS Health sends findings to Security Hub if one of the following conditions are met:
+AWS Health sends findings to Security Hub CSPM if one of the following conditions are met:
@@ -69 +69 @@ AWS Health sends findings to Security Hub if one of the following conditions are
-  2. **Set up third-party integrations** – For a list of the currently supported integrations, see [Available third-party partner product integrations](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-partner-providers.html). Select any additional tools that can send findings to or receive findings from Security Hub. You might already have some of these third-party tools. Follow the product instructions to configure integration with Security Hub.
+  2. **Set up third-party integrations** – For a list of the currently supported integrations, see [Available third-party partner product integrations](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-partner-providers.html). Select any additional tools that can send findings to or receive findings from Security Hub CSPM. You might already have some of these third-party tools. Follow the product instructions to configure integration with Security Hub CSPM.