AWS Security ChangesHomeSearch

AWS wellarchitected documentation change

Service: wellarchitected · 2025-12-10 · Documentation low

File: wellarchitected/2025-02-25/framework/sec_securely_operate_control_objectives.md

Summary

Replaced 'Security Hub standards' with 'Security Hub CSPM standards' and updated related references to emphasize CSPM (Cloud Security Posture Management) capabilities.

Security assessment

The change clarifies Security Hub's CSPM functionality but doesn't address a specific vulnerability. It enhances documentation of security posture management features, which are preventative/detective controls.

Diff

diff --git a/wellarchitected/2025-02-25/framework/sec_securely_operate_control_objectives.md b/wellarchitected/2025-02-25/framework/sec_securely_operate_control_objectives.md
index 090ae49ab..ceaffbefb 100644
--- a//wellarchitected/2025-02-25/framework/sec_securely_operate_control_objectives.md
+++ b//wellarchitected/2025-02-25/framework/sec_securely_operate_control_objectives.md
@@ -34 +34 @@ For the control objectives you identify, understand how AWS services you consume
-As you define the controls that achieve your objectives, codify enforcement using preventative controls, and automate mitigations using detective controls. Help prevent non-compliant resource configurations and actions across your AWS Organizations using [service control policies (SCP)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html). Implement rules in [AWS Config](https://aws.amazon.com/config/) to monitor and report on non-compliant resources, then switch rules to an enforcement model once confident in their behavior. To deploy sets of pre-defined and managed rules that align to your cybersecurity frameworks, evaluate the use of [AWS Security Hub standards](https://docs.aws.amazon.com/securityhub/latest/userguide/standards-reference.html) as your first option. The AWS Foundational Service Best Practices (FSBP) standard and the CIS AWS Foundations Benchmark are good starting points with controls that align to many objectives that are shared across multiple standard frameworks. Where Security Hub does not intrinsically have the control detections desired, it can be complemented using [AWS Config conformance packs](https://docs.aws.amazon.com/config/latest/developerguide/conformance-packs.html). 
+As you define the controls that achieve your objectives, codify enforcement using preventative controls, and automate mitigations using detective controls. Help prevent non-compliant resource configurations and actions across your AWS Organizations using [service control policies (SCP)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html). Implement rules in [AWS Config](https://aws.amazon.com/config/) to monitor and report on non-compliant resources, then switch rules to an enforcement model once confident in their behavior. To deploy sets of pre-defined and managed rules that align to your cybersecurity frameworks, evaluate the use of [AWS Security Hub CSPM standards](https://docs.aws.amazon.com/securityhub/latest/userguide/standards-reference.html) as your first option. The AWS Foundational Service Best Practices (FSBP) standard and the CIS AWS Foundations Benchmark are good starting points with controls that align to many objectives that are shared across multiple standard frameworks. Where Security Hub CSPM does not intrinsically have the control detections desired, it can be complemented using [AWS Config conformance packs](https://docs.aws.amazon.com/config/latest/developerguide/conformance-packs.html). 
@@ -46 +46 @@ Use [APN Partner Bundles](https://aws.amazon.com/partners/programs/gsca/bundles/
-  4. Evaluate deploying Security Hub standards and AWS Config conformance packs that align to your control objectives. 
+  4. Evaluate deploying Security Hub CSPM standards and AWS Config conformance packs that align to your control objectives.