AWS securityhub documentation change
Summary
Retracted note about ECS.1 control retirement and moved content to Important section with updated retirement date (March 2026). Added references to replacement security controls.
Security assessment
The change retires a control but explicitly references replacement security controls (ECS.4, ECS.17, etc.) that enforce security best practices like non-privileged containers and non-root users. This update documents security features but does not indicate a specific vulnerability being addressed.
Diff
diff --git a/securityhub/latest/userguide/ecs-controls.md b/securityhub/latest/userguide/ecs-controls.md index c5b715d13..43db0f09c 100644 --- a//securityhub/latest/userguide/ecs-controls.md +++ b//securityhub/latest/userguide/ecs-controls.md @@ -12,0 +13,15 @@ These Security Hub CSPM controls evaluate the Amazon Elastic Container Service ( +###### Important + +Security Hub CSPM retired this control in March 2026. For more information, see [Change log for Security Hub CSPM controls](./controls-change-log.html). You can refer to the following controls for evaluation of privileged configuration, network mode configuration, and user configuration: + + * [ECS.4] ECS containers should run as non-privileged + + * [ECS.17] ECS task definitions should not use host network mode + + * [ECS.20] ECS Task Definitions should configure non-root users in Linux container definitions + + * [ECS.21] ECS Task Definitions should configure non-administrator users in Windows container definitions + + + + @@ -38,15 +52,0 @@ The purpose of this control is to ensure that access is defined intentionally wh -###### Note - -This control will be retired after February 16, 2026 and removed from all applicable Security Hub CSPM standards. You can refer to the following controls for evaluation of privileged configuration, network mode configuration, and user configuration: - - * [ECS.4] ECS containers should run as non-privileged - - * [ECS.17] ECS task definitions should not use host network mode - - * [ECS.20] ECS Task Definitions should configure non-root users in Linux container definitions - - * [ECS.21] ECS Task Definitions should configure non-administrator users in Windows container definitions - - - -