AWS securityhub documentation change
Summary
Added 9 new security controls to the reference table covering API Gateway, ELB, RDS, and SageMaker services
Security assessment
The change documents new security best practices controls but doesn't reference any specific vulnerability or incident. The controls focus on encryption, network isolation, and backup retention as preventive measures.
Diff
diff --git a/securityhub/latest/userguide/securityhub-controls-reference.md b/securityhub/latest/userguide/securityhub-controls-reference.md index 073f5848a..62906af3f 100644 --- a//securityhub/latest/userguide/securityhub-controls-reference.md +++ b//securityhub/latest/userguide/securityhub-controls-reference.md @@ -47,0 +48 @@ Security control ID | Security control title | Applicable standards | Severity | +[APIGateway.10](./apigateway-controls.html#apigateway-10) | API Gateway V2 integrations should use HTTPS for private connections | AWS Foundational Security Best Practices v1.0.0 | MEDIUM | No | Change triggered @@ -296,0 +298,2 @@ Security control ID | Security control title | Applicable standards | Severity | +[ELB.21](./elb-controls.html#elb-21) | Application and Network Load Balancer target groups should use encrypted health check protocols | AWS Foundational Security Best Practices v1.0.0 | MEDIUM | No | Change triggered +[ELB.22](./elb-controls.html#elb-22) | ELB target groups should use encrypted transport protocols | AWS Foundational Security Best Practices v1.0.0 | MEDIUM | No | Change triggered @@ -500,0 +504 @@ Security control ID | Security control title | Applicable standards | Severity | +[RDS.50](./rds-controls.html#rds-50) | RDS DB clusters should have enough backup retention period set | AWS Foundational Security Best Practices v1.0.0 | MEDIUM | Yes | Change triggered @@ -553,0 +558,7 @@ Security control ID | Security control title | Applicable standards | Severity | +[SageMaker.9](./sagemaker-controls.html#sagemaker-9) | SageMaker data quality job definitions should have inter-container traffic encryption enabled | AWS Foundational Security Best Practices v1.0.0 | MEDIUM | No | Change triggered +[SageMaker.10](./sagemaker-controls.html#sagemaker-10) | SageMaker model explainability job definitions should have inter-container traffic encryption enabled | AWS Foundational Security Best Practices v1.0.0 | MEDIUM | No | Change triggered +[SageMaker.11](./sagemaker-controls.html#sagemaker-11) | SageMaker data quality job definitions should have network isolation enabled | AWS Foundational Security Best Practices v1.0.0 | MEDIUM | No | Change triggered +[SageMaker.12](./sagemaker-controls.html#sagemaker-12) | SageMaker model bias job definitions should have network isolation enabled | AWS Foundational Security Best Practices v1.0.0 | MEDIUM | No | Change triggered +[SageMaker.13](./sagemaker-controls.html#sagemaker-13) | SageMaker model quality job definitions should have inter-container traffic encryption enabled | AWS Foundational Security Best Practices v1.0.0 | MEDIUM | No | Change triggered +[SageMaker.14](./sagemaker-controls.html#sagemaker-14) | SageMaker monitoring schedules should have network isolation enabled | AWS Foundational Security Best Practices v1.0.0 | MEDIUM | No | Change triggered +[SageMaker.15](./sagemaker-controls.html#sagemaker-15) | SageMaker model bias job definitions should have inter-container traffic encryption enabled | AWS Foundational Security Best Practices v1.0.0 | MEDIUM | No | Change triggered