AWS wellarchitected documentation change
Summary
Updated 'AWS Security Hub' to 'AWS Security Hub CSPM' in monitoring recommendations
Security assessment
Terminology refinement without altering security substance. Emergency access procedures remain identical with no new vulnerabilities addressed.
Diff
diff --git a/wellarchitected/2025-02-25/framework/sec_permissions_emergency_process.md b/wellarchitected/2025-02-25/framework/sec_permissions_emergency_process.md index 24ebefc33..662d2e11a 100644 --- a//wellarchitected/2025-02-25/framework/sec_permissions_emergency_process.md +++ b//wellarchitected/2025-02-25/framework/sec_permissions_emergency_process.md @@ -68 +68 @@ Consider the following as you design an emergency access process for a failure m - * Implement robust logging, monitoring, and alerting mechanisms for the emergency access process and mechanisms. Generate detailed audit logs for all successful and failed attempts to gain emergency access. Correlate the activity with ongoing emergency events from your incident management system, and initiate alerts when actions occur outside of expected time periods or when the emergency access account is used during normal operations. The emergency access account should only be accessed during emergencies, as break-glass procedures can be considered a backdoor. Integrate with your security information and event management (SIEM) tool or [AWS Security Hub](https://aws.amazon.com/security-hub/) to report and audit all activities during the emergency access period. Upon returning to normal operations, automatically rotate the emergency access credentials, and notify the relevant teams. + * Implement robust logging, monitoring, and alerting mechanisms for the emergency access process and mechanisms. Generate detailed audit logs for all successful and failed attempts to gain emergency access. Correlate the activity with ongoing emergency events from your incident management system, and initiate alerts when actions occur outside of expected time periods or when the emergency access account is used during normal operations. The emergency access account should only be accessed during emergencies, as break-glass procedures can be considered a backdoor. Integrate with your security information and event management (SIEM) tool or [AWS Security Hub CSPM](https://aws.amazon.com/security-hub/) to report and audit all activities during the emergency access period. Upon returning to normal operations, automatically rotate the emergency access credentials, and notify the relevant teams.