AWS Security ChangesHomeSearch

AWS fedramp documentation change

Service: fedramp · 2026-03-28 · Documentation low

File: fedramp/latest/userguide/amazon-aurora-postgresql.md

Summary

Updated FedRAMP requirement identifiers from FRR-RSC-XX format to SCG-XXX format, restructured document to consolidate three requirements under SCG-CSO-RSC, and updated version and date.

Security assessment

This change is an administrative update to documentation structure and naming conventions for FedRAMP requirements. It reorganizes existing security guidance under new requirement codes but does not indicate any specific security vulnerability, incident, or weakness being addressed. The content remains focused on secure configuration guidance for Aurora PostgreSQL.

Diff

diff --git a/fedramp/latest/userguide/amazon-aurora-postgresql.md b/fedramp/latest/userguide/amazon-aurora-postgresql.md
index 8ce0ca78a..92c6bf05c 100644
--- a//fedramp/latest/userguide/amazon-aurora-postgresql.md
+++ b//fedramp/latest/userguide/amazon-aurora-postgresql.md
@@ -3 +3 @@
-Document InformationOverviewFedRAMP RequirementsAdministrative Account ModelFRR-RSC-01: Administrative AccountsFRR-RSC-02: Administrative SettingsFRR-RSC-03: Privileged SettingsIAM Least Privilege PoliciesFRR-RSC-04: Secure DefaultsFRR-RSC-05: Configuration ComparisonFRR-RSC-06: Configuration ExportFRR-RSC-07: API ConfigurationAdditional Resources
+Document InformationOverviewFedRAMP RequirementsAdministrative Account ModelSCG-CSO-RSC: Recommended Secure ConfigurationIAM Least Privilege PoliciesSCG-CSO-SDF: Secure DefaultsSCG-ENH-CMP: Configuration ComparisonSCG-ENH-EXP: Configuration ExportSCG-ENH-API: API ConfigurationAdditional Resources
@@ -11 +11 @@ This guide provides security configuration requirements and implementation examp
-Version |  1.0.0  
+Version |  1.0.2  
@@ -13 +13 @@ Version |  1.0.0
-Last Updated |  2026-01-09  
+Last Updated |  2026-03-26  
@@ -28 +28 @@ Amazon Aurora PostgreSQL must comply with the following FedRAMP requirements:
-  * FRR-RSC-01
+  * SCG-CSO-RSC
@@ -30 +30 @@ Amazon Aurora PostgreSQL must comply with the following FedRAMP requirements:
-  * FRR-RSC-02
+  * SCG-CSO-SDF
@@ -32 +32 @@ Amazon Aurora PostgreSQL must comply with the following FedRAMP requirements:
-  * FRR-RSC-03
+  * SCG-ENH-CMP
@@ -34 +34 @@ Amazon Aurora PostgreSQL must comply with the following FedRAMP requirements:
-  * FRR-RSC-04
+  * SCG-ENH-EXP
@@ -36,5 +36 @@ Amazon Aurora PostgreSQL must comply with the following FedRAMP requirements:
-  * FRR-RSC-05
-
-  * FRR-RSC-06
-
-  * FRR-RSC-07
+  * SCG-ENH-API
@@ -53 +49,7 @@ Account Type |  Database Master User Account
-## FRR-RSC-01: Administrative Accounts
+## SCG-CSO-RSC: Recommended Secure Configuration
+
+**Applicable:** Yes
+
+This requirement consolidates guidance for: 1\. Instructions on how to securely access, configure, operate, and decommission top-level administrative accounts 2\. Explanations of security-related settings that can be operated only by top-level administrative accounts 3\. Explanations of security-related settings that can be operated only by privileged accounts
+
+### Part 1: Administrative Accounts
@@ -228 +230 @@ Amazon Aurora PostgreSQL administrative access is managed through the Master dat
-## FRR-RSC-02: Administrative Settings
+### Part 2: Administrative Settings
@@ -497 +499 @@ The master user account in Amazon Aurora PostgreSQL has the `rds_superuser` role
-## FRR-RSC-03: Privileged Settings
+### Part 3: Privileged Settings
@@ -783 +785 @@ Enable comprehensive logging and monitoring of all privileged account activities
-## FRR-RSC-04: Secure Defaults
+## SCG-CSO-SDF: Secure Defaults
@@ -816 +818 @@ Ensure Aurora PostgreSQL clusters are created with security-first configurations
-## FRR-RSC-05: Configuration Comparison
+## SCG-ENH-CMP: Configuration Comparison
@@ -822 +824 @@ Use AWS Config rules and custom scripts to compare current Aurora PostgreSQL con
-## FRR-RSC-06: Configuration Export
+## SCG-ENH-EXP: Configuration Export
@@ -828 +830 @@ Export Aurora PostgreSQL configuration using AWS CLI describe commands in JSON f
-## FRR-RSC-07: API Configuration
+## SCG-ENH-API: API Configuration