AWS Security ChangesHomeSearch

AWS wellarchitected documentation change

Service: wellarchitected · 2025-12-10 · Documentation low

File: wellarchitected/latest/framework/sec_protect_data_rest_key_mgmt.md

Summary

Changed 'Security Hub' to 'Security Hub CSPM' in key management monitoring recommendation

Security assessment

The update only adjusts product naming in existing security guidance. Key rotation and policy monitoring recommendations are unchanged, with no evidence of addressing a specific security flaw or weakness.

Diff

diff --git a/wellarchitected/latest/framework/sec_protect_data_rest_key_mgmt.md b/wellarchitected/latest/framework/sec_protect_data_rest_key_mgmt.md
index 1bda20b9a..6a95364fe 100644
--- a//wellarchitected/latest/framework/sec_protect_data_rest_key_mgmt.md
+++ b//wellarchitected/latest/framework/sec_protect_data_rest_key_mgmt.md
@@ -70 +70 @@ Most AWS services use AWS KMS in a way that is transparent to you \- your only r
-  6. Enable [Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/kms-controls.html) to receive notifications if there are misconfigured key policies, keys scheduled for deletion, or keys without automated rotation enabled. 
+  6. Enable [Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/kms-controls.html) to receive notifications if there are misconfigured key policies, keys scheduled for deletion, or keys without automated rotation enabled.