AWS Security ChangesHomeSearch

AWS systems-manager documentation change

Service: systems-manager · 2026-03-22 · Documentation low

File: systems-manager/latest/userguide/patch-manager-compliance-states.md

Summary

Fixed a typo in 'debian-security' and expanded descriptions for 'MISSING' and 'FAILED' patch compliance states.

Security assessment

The changes improve clarity and fix a typo. While patch management is a security best practice, these updates do not address a specific security issue or add new security documentation.

Diff

diff --git a/systems-manager/latest/userguide/patch-manager-compliance-states.md b/systems-manager/latest/userguide/patch-manager-compliance-states.md
index 92e7859fa..a7c13bcff 100644
--- a//systems-manager/latest/userguide/patch-manager-compliance-states.md
+++ b//systems-manager/latest/userguide/patch-manager-compliance-states.md
@@ -37 +37 @@ Keep the following in mind when you're evaluating the `INSTALLED`, `INSTALLED_OT
-  * `debian-security` (Debian Server
+  * `debian-security` (Debian Server)
@@ -55,2 +55,2 @@ In neither case does it mean that a patch with this status _requires_ a reboot,
-**`MISSING`** |  Packages that are filtered through the baseline and not already installed. | Non-Compliant  
-**`FAILED`** |  Packages that failed to install during the patch operation. | Non-Compliant  
+**`MISSING`** |  The patch is approved in the baseline, but it isn't installed on the managed node. If you configure the `AWS-RunPatchBaseline` document task to scan (instead of install), the system reports this status for patches that were located during the scan but haven't been installed. | Non-Compliant  
+**`FAILED`** |  The patch is approved in the baseline, but it couldn't be installed. To troubleshoot this situation, review the command output for information that might help you understand the problem. | Non-Compliant