AWS Security ChangesHomeSearch

AWS securityhub documentation change

Service: securityhub · 2026-01-10 · Documentation low

File: securityhub/latest/userguide/securityhub-controls-reference.md

Summary

Added reference entries for new security controls: CloudFormation.4, CloudFront.17, ECS.19, ECS.20, ECS.21 with MEDIUM severity

Security assessment

Expands security controls catalog without evidence of patching vulnerabilities. Documents new preventive security features for infrastructure management.

Diff

diff --git a/securityhub/latest/userguide/securityhub-controls-reference.md b/securityhub/latest/userguide/securityhub-controls-reference.md
index 1a16f3477..d7dc1e124 100644
--- a//securityhub/latest/userguide/securityhub-controls-reference.md
+++ b//securityhub/latest/userguide/securityhub-controls-reference.md
@@ -80,0 +81 @@ Security control ID | Security control title | Applicable standards | Severity |
+[CloudFormation.4](./cloudformation-controls.html#cloudformation-4) | CloudFormation stacks should have associated service roles | AWS Foundational Security Best Practices | MEDIUM |  No | Change triggered  
@@ -94,0 +96 @@ Security control ID | Security control title | Applicable standards | Severity |
+[CloudFront.17](./cloudfront-controls.html#cloudfront-17) | CloudFront distributions should use trusted key groups for signed URLs and cookies | AWS Foundational Security Best Practices v1.0.0 | MEDIUM |  No | Change triggered  
@@ -251,0 +254,3 @@ Security control ID | Security control title | Applicable standards | Severity |
+[ECS.19](./ecs-controls.html#ecs-19) | ECS capacity providers should have managed termination protection enabled | AWS Foundational Security Best Practices | MEDIUM |  No | Change triggered  
+[ECS.20](./ecs-controls.html#ecs-20) | ECS Task Definitions should configure non-root users in Linux container definitions | AWS Foundational Security Best Practices | MEDIUM |  No | Change triggered  
+[ECS.21](./ecs-controls.html#ecs-21) | ECS Task Definitions should configure non-administrator users in Windows container definitions | AWS Foundational Security Best Practices | MEDIUM |  No | Change triggered