AWS Security ChangesHomeSearch

AWS security-ir medium security documentation change

Service: security-ir · 2026-02-25 · Security-related medium

File: security-ir/latest/userguide/what-to-expect-from-aws-sir-engineers.md

Summary

Added specific SLO metrics (15-minute response time) and clarified case closure policy after 5 days of inactivity

Security assessment

Documents concrete response timelines for security incidents and introduces operational policies that directly impact security incident handling. While not fixing a vulnerability, it provides critical security process documentation

Diff

diff --git a/security-ir/latest/userguide/what-to-expect-from-aws-sir-engineers.md b/security-ir/latest/userguide/what-to-expect-from-aws-sir-engineers.md
index 0ae513c40..d9bde9a28 100644
--- a//security-ir/latest/userguide/what-to-expect-from-aws-sir-engineers.md
+++ b//security-ir/latest/userguide/what-to-expect-from-aws-sir-engineers.md
@@ -20 +20 @@ When you open an AWS supported case, a Security Incident Response engineer is as
-**Response timeline** : AWS Security Incident Response engineers acknowledge new cases within [X hours/minutes] and provide an initial assessment within [Y hours]. Response times may vary based on case severity and complexity. 
+**Response timeline** : The service level objective (SLO) for acknowledgment of new cases by AWS Security Incident Response engineers is within 15 minutes. The initial assessment timeline might vary based on case severity and complexity. If AWS Security Incident Response engineers don't receive a response or critical information from you within 5 business days, the case is closed.