AWS securityhub documentation change
Summary
Added new AWS Foundational Security Best Practices controls: CloudFormation.4 (service roles for stacks), CloudFront.17 (trusted key groups for signed URLs/cookies), and ECS.19/20/21 (termination protection and non-root/non-admin container users)
Security assessment
Documents new security best practices controls but lacks evidence of addressing specific vulnerabilities. Adds preventive measures for service roles, key group validation, and container privilege reduction.
Diff
diff --git a/securityhub/latest/userguide/fsbp-standard.md b/securityhub/latest/userguide/fsbp-standard.md index d000438ef..4c9f4e988 100644 --- a//securityhub/latest/userguide/fsbp-standard.md +++ b//securityhub/latest/userguide/fsbp-standard.md @@ -62,0 +63,2 @@ The following list specifies which AWS Security Hub CSPM controls apply to the A +[[CloudFormation.4] CloudFormation stacks should have associated service roles](./cloudformation-controls.html#cloudformation-4) + @@ -88,0 +91,2 @@ The following list specifies which AWS Security Hub CSPM controls apply to the A +[[CloudFront.17] CloudFront distributions should use trusted key groups for signed URLs and cookies](./cloudfront-controls.html#cloudfront-17) + @@ -256,0 +261,6 @@ The following list specifies which AWS Security Hub CSPM controls apply to the A +[[ECS.19] ECS capacity providers should have managed termination protection enabled](./ecs-controls.html#ecs-19) + +[[ECS.20] ECS Task Definitions should configure non-root users in Linux container definitions](./ecs-controls.html#ecs-20) + +[[ECS.21] ECS Task Definitions should configure non-administrator users in Windows container definitions](./ecs-controls.html#ecs-21) +