AWS Security ChangesHomeSearch

AWS wellarchitected documentation change

Service: wellarchitected · 2025-12-10 · Documentation low

File: wellarchitected/2022-03-31/framework/sec_protect_data_rest_automate_protection.md

Summary

Added 'CSPM' to Security Hub reference in data protection automation

Security assessment

Highlights Security Hub's CSPM role in automated data protection controls without evidence of patching a vulnerability. Enhances documentation of security compliance features.

Diff

diff --git a/wellarchitected/2022-03-31/framework/sec_protect_data_rest_automate_protection.md b/wellarchitected/2022-03-31/framework/sec_protect_data_rest_automate_protection.md
index d30ddc617..c1e5deb21 100644
--- a//wellarchitected/2022-03-31/framework/sec_protect_data_rest_automate_protection.md
+++ b//wellarchitected/2022-03-31/framework/sec_protect_data_rest_automate_protection.md
@@ -9 +9 @@ Implementation guidanceResources
-Use automated tools to validate and enforce data at rest controls continuously, for example, verify that there are only encrypted storage resources. You can [automate validation that all EBS volumes are encrypted](https://docs.aws.amazon.com/config/latest/developerguide/encrypted-volumes.html) using [AWS Config Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html). [AWS Security Hub](http://aws.amazon.com/security-hub/) can also verify several different controls through automated checks against security standards. Additionally, your AWS Config Rules can automatically [remediate noncompliant resources](https://docs.aws.amazon.com/config/latest/developerguide/remediation.html#setup-autoremediation). 
+Use automated tools to validate and enforce data at rest controls continuously, for example, verify that there are only encrypted storage resources. You can [automate validation that all EBS volumes are encrypted](https://docs.aws.amazon.com/config/latest/developerguide/encrypted-volumes.html) using [AWS Config Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html). [AWS Security Hub CSPM](http://aws.amazon.com/security-hub/) can also verify several different controls through automated checks against security standards. Additionally, your AWS Config Rules can automatically [remediate noncompliant resources](https://docs.aws.amazon.com/config/latest/developerguide/remediation.html#setup-autoremediation).