AWS Security ChangesHomeSearch

AWS wellarchitected documentation change

Service: wellarchitected · 2025-12-10 · Documentation low

File: wellarchitected/latest/management-and-governance-guide/implementation-priorities-3.md

Summary

Replaced 'AWS Security Hub' with 'AWS Security Hub CSPM' in the context of monitoring and guardrail implementation.

Security assessment

The change specifies CSPM usage for security monitoring but doesn't indicate remediation of a security vulnerability. It improves accuracy of security feature documentation without addressing a specific security incident.

Diff

diff --git a/wellarchitected/latest/management-and-governance-guide/implementation-priorities-3.md b/wellarchitected/latest/management-and-governance-guide/implementation-priorities-3.md
index 3f3c0f83c..c901a5e61 100644
--- a//wellarchitected/latest/management-and-governance-guide/implementation-priorities-3.md
+++ b//wellarchitected/latest/management-and-governance-guide/implementation-priorities-3.md
@@ -40 +40 @@ Implement continual monitoring and measurement against industry and security ben
-Prevent changes to this configuration with specific controls and guardrails. AWS Security Hub and AWS Partner tools provide dashboards across a multi-account environment and should be integrated with [event-triggering systems](https://aws.amazon.com/solutions/implementations/aws-security-hub-automated-response-and-remediation/) in AWS for security and incident event management functions. Develop thresholds and metrics based on expected behavior of your environments. Use anomaly detection to identify unintended activities when thresholds are exceeded. Configure and monitor Amazon CloudWatch alarms for exceeded thresholds across IAM activity, resource creation, failed access attempts, policy and configuration changes, VPC-related changes (security groups, NACLs, gateways, and route tables), API calls, and activities in unapproved AWS Regions. 
+Prevent changes to this configuration with specific controls and guardrails. AWS Security Hub CSPM and AWS Partner tools provide dashboards across a multi-account environment and should be integrated with [event-triggering systems](https://aws.amazon.com/solutions/implementations/aws-security-hub-automated-response-and-remediation/) in AWS for security and incident event management functions. Develop thresholds and metrics based on expected behavior of your environments. Use anomaly detection to identify unintended activities when thresholds are exceeded. Configure and monitor Amazon CloudWatch alarms for exceeded thresholds across IAM activity, resource creation, failed access attempts, policy and configuration changes, VPC-related changes (security groups, NACLs, gateways, and route tables), API calls, and activities in unapproved AWS Regions.