AWS Security ChangesHomeSearch

AWS wellarchitected documentation change

Service: wellarchitected · 2025-12-10 · Documentation low

File: wellarchitected/2023-10-03/framework/sec_identities_audit.md

Summary

Updated reference from 'AWS Security Hub Security Standards' to 'AWS Security Hub CSPM Security Standards' in MFA monitoring guidance.

Security assessment

This change reflects branding alignment (CSPM) without altering the underlying security recommendation for MFA monitoring. The actual security controls and compliance standards referenced remain unchanged.

Diff

diff --git a/wellarchitected/2023-10-03/framework/sec_identities_audit.md b/wellarchitected/2023-10-03/framework/sec_identities_audit.md
index db1d02788..2ec2e43dd 100644
--- a//wellarchitected/2023-10-03/framework/sec_identities_audit.md
+++ b//wellarchitected/2023-10-03/framework/sec_identities_audit.md
@@ -32 +32 @@ Periodic validation, preferably through an automated tool, is necessary to verif
-We also recommend that you enforce and monitor MFA in your identity provider. You can set up [AWS Config Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html), or use [AWS Security Hub Security Standards](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-controls.html#fsbp-iam-3), to monitor if users have configured MFA. Consider using IAM Roles Anywhere to provide temporary credentials for machine identities. In situations when using IAM roles and temporary credentials is not possible, frequent auditing and rotating access keys is necessary. 
+We also recommend that you enforce and monitor MFA in your identity provider. You can set up [AWS Config Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html), or use [AWS Security Hub CSPM Security Standards](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-controls.html#fsbp-iam-3), to monitor if users have configured MFA. Consider using IAM Roles Anywhere to provide temporary credentials for machine identities. In situations when using IAM roles and temporary credentials is not possible, frequent auditing and rotating access keys is necessary.