AWS Security ChangesHomeSearch

AWS wellarchitected documentation change

Service: wellarchitected · 2025-12-10 · Documentation low

File: wellarchitected/latest/security-pillar/sec_securely_operate_control_objectives.md

Summary

Updated references from 'Security Hub standards' to 'Security Hub CSPM standards' and added CSPM terminology in control implementation guidance

Security assessment

Change reflects rebranding/feature naming update (CSPM = Cloud Security Posture Management) without evidence of vulnerability remediation. Enhances documentation about security features but doesn't address specific vulnerabilities.

Diff

diff --git a/wellarchitected/latest/security-pillar/sec_securely_operate_control_objectives.md b/wellarchitected/latest/security-pillar/sec_securely_operate_control_objectives.md
index f7077c49d..52d704092 100644
--- a//wellarchitected/latest/security-pillar/sec_securely_operate_control_objectives.md
+++ b//wellarchitected/latest/security-pillar/sec_securely_operate_control_objectives.md
@@ -34 +34 @@ For the control objectives you identify, understand how AWS services you consume
-As you define the controls that achieve your objectives, codify enforcement using preventative controls, and automate mitigations using detective controls. Help prevent non-compliant resource configurations and actions across your AWS Organizations using [service control policies (SCP)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html). Implement rules in [AWS Config](https://aws.amazon.com/config/) to monitor and report on non-compliant resources, then switch rules to an enforcement model once confident in their behavior. To deploy sets of pre-defined and managed rules that align to your cybersecurity frameworks, evaluate the use of [AWS Security Hub standards](https://docs.aws.amazon.com/securityhub/latest/userguide/standards-reference.html) as your first option. The AWS Foundational Service Best Practices (FSBP) standard and the CIS AWS Foundations Benchmark are good starting points with controls that align to many objectives that are shared across multiple standard frameworks. Where Security Hub does not intrinsically have the control detections desired, it can be complemented using [AWS Config conformance packs](https://docs.aws.amazon.com/config/latest/developerguide/conformance-packs.html). 
+As you define the controls that achieve your objectives, codify enforcement using preventative controls, and automate mitigations using detective controls. Help prevent non-compliant resource configurations and actions across your AWS Organizations using [service control policies (SCP)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html). Implement rules in [AWS Config](https://aws.amazon.com/config/) to monitor and report on non-compliant resources, then switch rules to an enforcement model once confident in their behavior. To deploy sets of pre-defined and managed rules that align to your cybersecurity frameworks, evaluate the use of [AWS Security Hub CSPM standards](https://docs.aws.amazon.com/securityhub/latest/userguide/standards-reference.html) as your first option. The AWS Foundational Service Best Practices (FSBP) standard and the CIS AWS Foundations Benchmark are good starting points with controls that align to many objectives that are shared across multiple standard frameworks. Where Security Hub CSPM does not intrinsically have the control detections desired, it can be complemented using [AWS Config conformance packs](https://docs.aws.amazon.com/config/latest/developerguide/conformance-packs.html). 
@@ -46 +46 @@ Use [APN Partner Bundles](https://aws.amazon.com/partners/programs/gsca/bundles/
-  4. Evaluate deploying Security Hub standards and AWS Config conformance packs that align to your control objectives. 
+  4. Evaluate deploying Security Hub CSPM standards and AWS Config conformance packs that align to your control objectives.