AWS wellarchitected documentation change
Summary
Updated 'AWS Security Hub Security Standards' to 'AWS Security Hub CSPM Security Standards' in MFA monitoring context.
Security assessment
Change reflects product naming consistency (CSPM) without altering security practices or addressing vulnerabilities. MFA guidance remains unchanged.
Diff
diff --git a/wellarchitected/latest/framework/sec_identities_audit.md b/wellarchitected/latest/framework/sec_identities_audit.md index 3f8b099ec..5bb06096f 100644 --- a//wellarchitected/latest/framework/sec_identities_audit.md +++ b//wellarchitected/latest/framework/sec_identities_audit.md @@ -32 +32 @@ Periodic validation, preferably through an automated tool, is necessary to verif -We also recommend that you enforce and monitor MFA in your identity provider. You can set up [AWS Config Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html), or use [AWS Security Hub Security Standards](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-controls.html#fsbp-iam-3), to monitor if users have configured MFA. Consider using [IAM Roles Anywhere](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/introduction.html) to provide temporary credentials for machine identities. In situations when using IAM roles and temporary credentials is not possible, frequent auditing and rotating access keys is necessary. +We also recommend that you enforce and monitor MFA in your identity provider. You can set up [AWS Config Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html), or use [AWS Security Hub CSPM Security Standards](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-controls.html#fsbp-iam-3), to monitor if users have configured MFA. Consider using [IAM Roles Anywhere](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/introduction.html) to provide temporary credentials for machine identities. In situations when using IAM roles and temporary credentials is not possible, frequent auditing and rotating access keys is necessary.