AWS Security ChangesHomeSearch

AWS securityhub medium security documentation change

Service: securityhub · 2026-03-10 · Security-related medium

File: securityhub/latest/userguide/controls-change-log.md

Summary

Added entries for retiring AppSync.1 and AppSync.6 controls, citing AWS AppSync's default encryption as the reason.

Security assessment

The log entries confirm the removal of security controls due to mandatory encryption enforcement, directly tying to improved security posture by eliminating manual configuration requirements.

Diff

diff --git a/securityhub/latest/userguide/controls-change-log.md b/securityhub/latest/userguide/controls-change-log.md
index 4d4e61c15..45593d635 100644
--- a//securityhub/latest/userguide/controls-change-log.md
+++ b//securityhub/latest/userguide/controls-change-log.md
@@ -12,0 +13,2 @@ Date of change | Control ID and title | Description of change
+March 9, 2026 | [AppSync.1] AWS AppSync API caches should be encrypted at rest | Security Hub CSPM retired this control and removed it from the [AWS Foundational Security Best Practices (FSBP) standard](https://docs.aws.amazon.com/securityhub/latest/userguide/fsbp-standard.html). AWS AppSync now provides default encryption on all current and future API caches.  
+March 9, 2026 | [AppSync.6] AWS AppSync API caches should be encrypted in transit | Security Hub CSPM retired this control and removed it from the [AWS Foundational Security Best Practices (FSBP) standard](https://docs.aws.amazon.com/securityhub/latest/userguide/fsbp-standard.html). AWS AppSync now provides default encryption on all current and future API caches.