AWS Security ChangesHomeSearch

AWS wellarchitected documentation change

Service: wellarchitected · 2025-12-10 · Documentation low

File: wellarchitected/latest/security-pillar/sec_permissions_analyze_cross_account.md

Summary

Updated AWS Security Hub reference to specify CSPM (Cloud Security Posture Management) feature

Security assessment

Change adds specificity about Security Hub's CSPM capabilities but doesn't address a vulnerability. Enhances documentation about security posture management features without evidence of fixing a security flaw.

Diff

diff --git a/wellarchitected/latest/security-pillar/sec_permissions_analyze_cross_account.md b/wellarchitected/latest/security-pillar/sec_permissions_analyze_cross_account.md
index f23f50ec1..347e51713 100644
--- a//wellarchitected/latest/security-pillar/sec_permissions_analyze_cross_account.md
+++ b//wellarchitected/latest/security-pillar/sec_permissions_analyze_cross_account.md
@@ -30 +30 @@ If your account is in AWS Organizations, you can grant access to resources to th
-[AWS Config can report resources](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-Publicly-Accessible-Resources.html) that are misconfigured, and through AWS Config policy checks, can detect resources that have public access configured. Services such as [AWS Control Tower](https://aws.amazon.com/controltower/) and [AWS Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) simplify deploying detective controls and guardrails across AWS Organizations to identify and remediate publicly exposed resources. For example, AWS Control Tower has a managed guardrail which can detect if any [Amazon EBS snapshots are restorable by AWS accounts](https://docs.aws.amazon.com/controltower/latest/userguide/what-is-control-tower.html). 
+[AWS Config can report resources](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-Publicly-Accessible-Resources.html) that are misconfigured, and through AWS Config policy checks, can detect resources that have public access configured. Services such as [AWS Control Tower](https://aws.amazon.com/controltower/) and [AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) simplify deploying detective controls and guardrails across AWS Organizations to identify and remediate publicly exposed resources. For example, AWS Control Tower has a managed guardrail which can detect if any [Amazon EBS snapshots are restorable by AWS accounts](https://docs.aws.amazon.com/controltower/latest/userguide/what-is-control-tower.html).