AWS Security ChangesHomeSearch

AWS wellarchitected documentation change

Service: wellarchitected · 2025-12-10 · Documentation low

File: wellarchitected/latest/security-pillar/sec_permissions_emergency_process.md

Summary

Updated AWS Security Hub reference to specify CSPM feature in emergency access monitoring context

Security assessment

Clarifies integration with Security Hub CSPM for auditing emergency access but doesn't indicate any security vulnerability remediation. Enhances documentation about security monitoring capabilities without evidence of patching a security issue.

Diff

diff --git a/wellarchitected/latest/security-pillar/sec_permissions_emergency_process.md b/wellarchitected/latest/security-pillar/sec_permissions_emergency_process.md
index eaad51876..fc6ccab84 100644
--- a//wellarchitected/latest/security-pillar/sec_permissions_emergency_process.md
+++ b//wellarchitected/latest/security-pillar/sec_permissions_emergency_process.md
@@ -68 +68 @@ Consider the following as you design an emergency access process for a failure m
-  * Implement robust logging, monitoring, and alerting mechanisms for the emergency access process and mechanisms. Generate detailed audit logs for all successful and failed attempts to gain emergency access. Correlate the activity with ongoing emergency events from your incident management system, and initiate alerts when actions occur outside of expected time periods or when the emergency access account is used during normal operations. The emergency access account should only be accessed during emergencies, as break-glass procedures can be considered a backdoor. Integrate with your security information and event management (SIEM) tool or [AWS Security Hub](https://aws.amazon.com/security-hub/) to report and audit all activities during the emergency access period. Upon returning to normal operations, automatically rotate the emergency access credentials, and notify the relevant teams. 
+  * Implement robust logging, monitoring, and alerting mechanisms for the emergency access process and mechanisms. Generate detailed audit logs for all successful and failed attempts to gain emergency access. Correlate the activity with ongoing emergency events from your incident management system, and initiate alerts when actions occur outside of expected time periods or when the emergency access account is used during normal operations. The emergency access account should only be accessed during emergencies, as break-glass procedures can be considered a backdoor. Integrate with your security information and event management (SIEM) tool or [AWS Security Hub CSPM](https://aws.amazon.com/security-hub/) to report and audit all activities during the emergency access period. Upon returning to normal operations, automatically rotate the emergency access credentials, and notify the relevant teams.