AWS Security ChangesHomeSearch

AWS securityhub documentation change

Service: securityhub · 2026-02-25 · Documentation low

File: securityhub/latest/userguide/securityhub-controls-reference.md

Summary

Removed multiple security controls from the reference table including APIGateway.10, ELB.21, ELB.22, RDS.50, and SageMaker.9 through SageMaker.15

Security assessment

The changes remove existing security controls from documentation but provide no evidence of addressing vulnerabilities. This appears to be routine maintenance or deprecation of controls rather than response to security incidents. Removal of security controls documentation could potentially reduce visibility but doesn't directly indicate a resolved security issue.

Diff

diff --git a/securityhub/latest/userguide/securityhub-controls-reference.md b/securityhub/latest/userguide/securityhub-controls-reference.md
index 62906af3f..073f5848a 100644
--- a//securityhub/latest/userguide/securityhub-controls-reference.md
+++ b//securityhub/latest/userguide/securityhub-controls-reference.md
@@ -48 +47,0 @@ Security control ID | Security control title | Applicable standards | Severity |
-[APIGateway.10](./apigateway-controls.html#apigateway-10) |  API Gateway V2 integrations should use HTTPS for private connections  |  AWS Foundational Security Best Practices v1.0.0  |  MEDIUM  |  No  |  Change triggered   
@@ -298,2 +296,0 @@ Security control ID | Security control title | Applicable standards | Severity |
-[ELB.21](./elb-controls.html#elb-21) |  Application and Network Load Balancer target groups should use encrypted health check protocols  |  AWS Foundational Security Best Practices v1.0.0  |  MEDIUM  |  No  |  Change triggered   
-[ELB.22](./elb-controls.html#elb-22) |  ELB target groups should use encrypted transport protocols  |  AWS Foundational Security Best Practices v1.0.0  |  MEDIUM  |  No  |  Change triggered   
@@ -504 +500,0 @@ Security control ID | Security control title | Applicable standards | Severity |
-[RDS.50](./rds-controls.html#rds-50) |  RDS DB clusters should have enough backup retention period set  |  AWS Foundational Security Best Practices v1.0.0  |  MEDIUM  |  Yes  |  Change triggered   
@@ -558,7 +553,0 @@ Security control ID | Security control title | Applicable standards | Severity |
-[SageMaker.9](./sagemaker-controls.html#sagemaker-9) |  SageMaker data quality job definitions should have inter-container traffic encryption enabled  |  AWS Foundational Security Best Practices v1.0.0  |  MEDIUM  |  No  |  Change triggered   
-[SageMaker.10](./sagemaker-controls.html#sagemaker-10) |  SageMaker model explainability job definitions should have inter-container traffic encryption enabled  |  AWS Foundational Security Best Practices v1.0.0  |  MEDIUM  |  No  |  Change triggered   
-[SageMaker.11](./sagemaker-controls.html#sagemaker-11) |  SageMaker data quality job definitions should have network isolation enabled  |  AWS Foundational Security Best Practices v1.0.0  |  MEDIUM  |  No  |  Change triggered   
-[SageMaker.12](./sagemaker-controls.html#sagemaker-12) |  SageMaker model bias job definitions should have network isolation enabled  |  AWS Foundational Security Best Practices v1.0.0  |  MEDIUM  |  No  |  Change triggered   
-[SageMaker.13](./sagemaker-controls.html#sagemaker-13) |  SageMaker model quality job definitions should have inter-container traffic encryption enabled  |  AWS Foundational Security Best Practices v1.0.0  |  MEDIUM  |  No  |  Change triggered   
-[SageMaker.14](./sagemaker-controls.html#sagemaker-14) |  SageMaker monitoring schedules should have network isolation enabled  |  AWS Foundational Security Best Practices v1.0.0  |  MEDIUM  |  No  |  Change triggered   
-[SageMaker.15](./sagemaker-controls.html#sagemaker-15) |  SageMaker model bias job definitions should have inter-container traffic encryption enabled  |  AWS Foundational Security Best Practices v1.0.0  |  MEDIUM  |  No  |  Change triggered