AWS securityhub documentation change
Summary
Updated terminology from 'Security Hub controls' to 'Security Hub CSPM controls' across headers and content. Changed references from 'Security Hub' to 'Security Hub CSPM' in control descriptions and AWS Config rule notes. Updated parameter table headers to 'Security Hub CSPM default value'.
Security assessment
Changes are purely terminological (CSPM rebranding) without altering security guidance, controls, or addressing vulnerabilities. The control logic for field-level logging remains unchanged.
Diff
diff --git a/securityhub/latest/userguide/appsync-controls.md b/securityhub/latest/userguide/appsync-controls.md index 5989ebd40..4e16b3378 100644 --- a//securityhub/latest/userguide/appsync-controls.md +++ b//securityhub/latest/userguide/appsync-controls.md @@ -7 +7 @@ -# Security Hub controls for AWS AppSync +# Security Hub CSPM controls for AWS AppSync @@ -9 +9 @@ -These Security Hub controls evaluate the AWS AppSync service and resources. +These Security Hub CSPM controls evaluate the AWS AppSync service and resources. @@ -51 +51 @@ You can't change the encryption settings after enabling caching for your AWS App -Parameter | Description | Type | Allowed custom values | Security Hub default value +Parameter | Description | Type | Allowed custom values | Security Hub CSPM default value @@ -55 +55 @@ Parameter | Description | Type | Allowed custom values | Security Hub default va -This control checks whether an AWS AppSync API has field-level logging turned on. The control fails if the field resolver log level is set to **None**. Unless you provide custom parameter values to indicate that a specific log type should be enabled, Security Hub produces a passed finding if the field resolver log level is either `ERROR` or `ALL`. +This control checks whether an AWS AppSync API has field-level logging turned on. The control fails if the field resolver log level is set to **None**. Unless you provide custom parameter values to indicate that a specific log type should be enabled, Security Hub CSPM produces a passed finding if the field resolver log level is either `ERROR` or `ALL`. @@ -71 +71 @@ To turn on logging for AWS AppSync, see [Setup and configuration](https://docs.a -**AWS Config rule:** `tagged-appsync-graphqlapi` (custom Security Hub rule) +**AWS Config rule:** `tagged-appsync-graphqlapi` (custom Security Hub CSPM rule) @@ -77 +77 @@ To turn on logging for AWS AppSync, see [Setup and configuration](https://docs.a -Parameter | Description | Type | Allowed custom values | Security Hub default value +Parameter | Description | Type | Allowed custom values | Security Hub CSPM default value