AWS Security ChangesHomeSearch

AWS managedservices documentation change

Service: managedservices · 2026-01-16 · Documentation low

File: managedservices/latest/userguide/ams-sec-csrm-process.md

Summary

Added sections on risk acceptance validity/review and opt-out process. Clarified security approval workflow for high-risk changes.

Security assessment

The changes document security processes (risk acceptance validity periods and opt-out mechanisms) but don't reference any specific vulnerability, incident, or weakness. They enhance existing security documentation without evidence of addressing a specific security issue.

Diff

diff --git a/managedservices/latest/userguide/ams-sec-csrm-process.md b/managedservices/latest/userguide/ams-sec-csrm-process.md
index 7096b370d..191a08748 100644
--- a//managedservices/latest/userguide/ams-sec-csrm-process.md
+++ b//managedservices/latest/userguide/ams-sec-csrm-process.md
@@ -4,0 +5,2 @@
+Risk acceptance validity and reviewOpt-out
+
@@ -9 +11,9 @@ The AMS Advanced Customer Security Risk Management (CSRM) process helps to clear
-By default, when someone from your organization requests that AMS implement a change to your managed environment, AMS reviews the change to determine if the request falls outside of the technical standards, which might alter the security posture of your account. If there is a high or very high security risk, then the change review is accepted or rejected by your authorized security personnel. Requested changes are also evaluated for adverse effects on AMS's ability to operate the account. If the review finds possible adverse impacts, then additional reviews and approvals are required within AMS. 
+By default, when someone from your organization requests that AMS implement a change to your managed environment, AMS reviews the change to determine if the request falls outside of the technical standards, which might alter the security posture of your account. If there is a high or very high security risk, then your authorized security personnel accept or reject the change review. Requested changes are also evaluated for adverse effects on AMS's ability to operate the account. If the review finds possible adverse impacts, then additional reviews and approvals are required within AMS. 
+
+## Risk acceptance validity and review
+
+Risk acceptances are valid for one year from the date of approval. If a previously accepted risk scenario arises again after one year, the risk acceptance must be reviewed and re-approved before it can be applied. This annual review ensures that risk decisions remain aligned with current technical standards, regulatory requirements, and your organization's evolving risk profile.
+
+## Opt-out
+
+You can opt-out from the approval-based workflow in the CSRM process for high or very high risks. To change the CSRM option for specific accounts from **Standard CSRM** to **Notification Only** , work with your Cloud Service Delivery Managers to create a one-time risk acceptance. If you choose to proceed with the **Notification Only** option, then AMS implements the requested changes regardless of the risk category. And, AMS sends a risk notification to your authorized risk approvers instead of seeking approval prior to the change implementation.
@@ -11 +21 @@ By default, when someone from your organization requests that AMS implement a ch
-You can opt-out from the approval based workflow in the CSRM process for high or very high risks. To change the CSRM option for specific accounts from **Standard CSRM** to **Notification Only** , work with your Cloud Service Delivery Managers to create a one-time risk acceptance. If you choose to proceed with the **Notification Only** option, then AMS implements the requested changes regardless of the risk category. And, AMS sends a risk notification to your authorized risk approvers instead of seeking approval prior to the change implementation. Speak with your Cloud Architects or Cloud Service Delivery Managers for more information about the AMS CSRM process, how to change the default CSRM option when onboarding new AMS accounts, or how to update existing accounts.
+Speak with your Cloud Architects or Cloud Service Delivery Managers for more information about the AMS CSRM process, how to change the default CSRM option when onboarding new AMS accounts, or how to update existing accounts.