AWS wellarchitected documentation change
Summary
Updated AWS Security Hub reference to specify CSPM feature in emergency access monitoring context
Security assessment
Clarifies integration with Security Hub CSPM for auditing emergency access but doesn't indicate any security vulnerability remediation. Enhances documentation about security monitoring capabilities without evidence of patching a security issue.
Diff
diff --git a/wellarchitected/latest/security-pillar/sec_permissions_emergency_process.md b/wellarchitected/latest/security-pillar/sec_permissions_emergency_process.md index eaad51876..fc6ccab84 100644 --- a//wellarchitected/latest/security-pillar/sec_permissions_emergency_process.md +++ b//wellarchitected/latest/security-pillar/sec_permissions_emergency_process.md @@ -68 +68 @@ Consider the following as you design an emergency access process for a failure m - * Implement robust logging, monitoring, and alerting mechanisms for the emergency access process and mechanisms. Generate detailed audit logs for all successful and failed attempts to gain emergency access. Correlate the activity with ongoing emergency events from your incident management system, and initiate alerts when actions occur outside of expected time periods or when the emergency access account is used during normal operations. The emergency access account should only be accessed during emergencies, as break-glass procedures can be considered a backdoor. Integrate with your security information and event management (SIEM) tool or [AWS Security Hub](https://aws.amazon.com/security-hub/) to report and audit all activities during the emergency access period. Upon returning to normal operations, automatically rotate the emergency access credentials, and notify the relevant teams. + * Implement robust logging, monitoring, and alerting mechanisms for the emergency access process and mechanisms. Generate detailed audit logs for all successful and failed attempts to gain emergency access. Correlate the activity with ongoing emergency events from your incident management system, and initiate alerts when actions occur outside of expected time periods or when the emergency access account is used during normal operations. The emergency access account should only be accessed during emergencies, as break-glass procedures can be considered a backdoor. Integrate with your security information and event management (SIEM) tool or [AWS Security Hub CSPM](https://aws.amazon.com/security-hub/) to report and audit all activities during the emergency access period. Upon returning to normal operations, automatically rotate the emergency access credentials, and notify the relevant teams.