AWS securityhub documentation change
Summary
Added retirement notice for ECS.1 control and listed alternative controls (ECS.4, ECS.17, ECS.20, ECS.21)
Security assessment
Documents alternative security controls for privileged configuration and network modes, but doesn't address specific vulnerability
Diff
diff --git a/securityhub/latest/userguide/ecs-controls.md b/securityhub/latest/userguide/ecs-controls.md index cb69fd16a..bcd4578dc 100644 --- a//securityhub/latest/userguide/ecs-controls.md +++ b//securityhub/latest/userguide/ecs-controls.md @@ -37,0 +38,11 @@ The purpose of this control is to ensure that access is defined intentionally wh +###### Note + +This control will be retired after February 16, 2026 and removed from all applicable Security Hub CSPM standards. You can refer to the following controls for evaluation of privileged configuration, network mode configuration, and user configuration: + + * [ECS.4] ECS containers should run as non-privileged + * [ECS.17] ECS task definitions should not use host network mode + * [ECS.20] ECS Task Definitions should configure non-root users in Linux container definitions + * [ECS.21] ECS Task Definitions should configure non-administrator users in Windows container definitions + + +