AWS Security ChangesHomeSearch

AWS wellarchitected documentation change

Service: wellarchitected · 2025-12-10 · Documentation low

File: wellarchitected/latest/framework/sec_securely_operate_control_objectives.md

Summary

Updated references from 'Security Hub standards' to 'Security Hub CSPM standards' to reflect Cloud Security Posture Management terminology

Security assessment

The change updates terminology to specifically mention CSPM (Cloud Security Posture Management), which is a security feature category. This provides clearer documentation about AWS security capabilities but doesn't address any specific vulnerability or incident.

Diff

diff --git a/wellarchitected/latest/framework/sec_securely_operate_control_objectives.md b/wellarchitected/latest/framework/sec_securely_operate_control_objectives.md
index 8f8a72828..6fcc45c15 100644
--- a//wellarchitected/latest/framework/sec_securely_operate_control_objectives.md
+++ b//wellarchitected/latest/framework/sec_securely_operate_control_objectives.md
@@ -34 +34 @@ For the control objectives you identify, understand how AWS services you consume
-As you define the controls that achieve your objectives, codify enforcement using preventative controls, and automate mitigations using detective controls. Help prevent non-compliant resource configurations and actions across your AWS Organizations using [service control policies (SCP)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html). Implement rules in [AWS Config](https://aws.amazon.com/config/) to monitor and report on non-compliant resources, then switch rules to an enforcement model once confident in their behavior. To deploy sets of pre-defined and managed rules that align to your cybersecurity frameworks, evaluate the use of [AWS Security Hub standards](https://docs.aws.amazon.com/securityhub/latest/userguide/standards-reference.html) as your first option. The AWS Foundational Service Best Practices (FSBP) standard and the CIS AWS Foundations Benchmark are good starting points with controls that align to many objectives that are shared across multiple standard frameworks. Where Security Hub does not intrinsically have the control detections desired, it can be complemented using [AWS Config conformance packs](https://docs.aws.amazon.com/config/latest/developerguide/conformance-packs.html). 
+As you define the controls that achieve your objectives, codify enforcement using preventative controls, and automate mitigations using detective controls. Help prevent non-compliant resource configurations and actions across your AWS Organizations using [service control policies (SCP)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html). Implement rules in [AWS Config](https://aws.amazon.com/config/) to monitor and report on non-compliant resources, then switch rules to an enforcement model once confident in their behavior. To deploy sets of pre-defined and managed rules that align to your cybersecurity frameworks, evaluate the use of [AWS Security Hub CSPM standards](https://docs.aws.amazon.com/securityhub/latest/userguide/standards-reference.html) as your first option. The AWS Foundational Service Best Practices (FSBP) standard and the CIS AWS Foundations Benchmark are good starting points with controls that align to many objectives that are shared across multiple standard frameworks. Where Security Hub CSPM does not intrinsically have the control detections desired, it can be complemented using [AWS Config conformance packs](https://docs.aws.amazon.com/config/latest/developerguide/conformance-packs.html). 
@@ -46 +46 @@ Use [APN Partner Bundles](https://aws.amazon.com/partners/programs/gsca/bundles/
-  4. Evaluate deploying Security Hub standards and AWS Config conformance packs that align to your control objectives. 
+  4. Evaluate deploying Security Hub CSPM standards and AWS Config conformance packs that align to your control objectives.