AWS wellarchitected documentation change
Summary
Added 'CSPM' to Security Hub reference in data protection automation
Security assessment
Highlights Security Hub's CSPM role in automated data protection controls without evidence of patching a vulnerability. Enhances documentation of security compliance features.
Diff
diff --git a/wellarchitected/2022-03-31/framework/sec_protect_data_rest_automate_protection.md b/wellarchitected/2022-03-31/framework/sec_protect_data_rest_automate_protection.md index d30ddc617..c1e5deb21 100644 --- a//wellarchitected/2022-03-31/framework/sec_protect_data_rest_automate_protection.md +++ b//wellarchitected/2022-03-31/framework/sec_protect_data_rest_automate_protection.md @@ -9 +9 @@ Implementation guidanceResources -Use automated tools to validate and enforce data at rest controls continuously, for example, verify that there are only encrypted storage resources. You can [automate validation that all EBS volumes are encrypted](https://docs.aws.amazon.com/config/latest/developerguide/encrypted-volumes.html) using [AWS Config Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html). [AWS Security Hub](http://aws.amazon.com/security-hub/) can also verify several different controls through automated checks against security standards. Additionally, your AWS Config Rules can automatically [remediate noncompliant resources](https://docs.aws.amazon.com/config/latest/developerguide/remediation.html#setup-autoremediation). +Use automated tools to validate and enforce data at rest controls continuously, for example, verify that there are only encrypted storage resources. You can [automate validation that all EBS volumes are encrypted](https://docs.aws.amazon.com/config/latest/developerguide/encrypted-volumes.html) using [AWS Config Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html). [AWS Security Hub CSPM](http://aws.amazon.com/security-hub/) can also verify several different controls through automated checks against security standards. Additionally, your AWS Config Rules can automatically [remediate noncompliant resources](https://docs.aws.amazon.com/config/latest/developerguide/remediation.html#setup-autoremediation).