AWS Security ChangesHomeSearch

AWS wellarchitected documentation change

Service: wellarchitected · 2025-12-10 · Documentation low

File: wellarchitected/2022-03-31/framework/sec_permissions_analyze_cross_account.md

Summary

Updated AWS Security Hub reference to 'AWS Security Hub CSPM'

Security assessment

Emphasizes CSPM functionality for cross-account governance but does not address a specific security vulnerability. This is a documentation refinement for security posture management capabilities.

Diff

diff --git a/wellarchitected/2022-03-31/framework/sec_permissions_analyze_cross_account.md b/wellarchitected/2022-03-31/framework/sec_permissions_analyze_cross_account.md
index 087e7f2cb..23c4ea039 100644
--- a//wellarchitected/2022-03-31/framework/sec_permissions_analyze_cross_account.md
+++ b//wellarchitected/2022-03-31/framework/sec_permissions_analyze_cross_account.md
@@ -26 +26 @@ In AWS, you can grant access to resources in another account. You grant direct c
-You can also use [AWS Config to report and remediate resources](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-Publicly-Accessible-Resources.html) for any accidental public access configuration, through AWS Config policy checks. Services like [AWS Control Tower](https://aws.amazon.com/controltower) and [AWS Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp.html) simplify deploying checks and guardrails across an AWS Organizations to identify and remediate publicly exposed resources. For example, AWS Control Tower has a managed guardrail which can detect if any [Amazon EBS snapshots are restorable by all AWS accounts](https://docs.aws.amazon.com/controltower/latest/userguide/what-is-control-tower.html).
+You can also use [AWS Config to report and remediate resources](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-Publicly-Accessible-Resources.html) for any accidental public access configuration, through AWS Config policy checks. Services like [AWS Control Tower](https://aws.amazon.com/controltower) and [AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp.html) simplify deploying checks and guardrails across an AWS Organizations to identify and remediate publicly exposed resources. For example, AWS Control Tower has a managed guardrail which can detect if any [Amazon EBS snapshots are restorable by all AWS accounts](https://docs.aws.amazon.com/controltower/latest/userguide/what-is-control-tower.html).