AWS securityhub documentation change
Summary
Added multiple new security controls to AWS Foundational Security Best Practices standard and updated control titles for clarity
Security assessment
This change expands security documentation by adding 5 new controls (APIGateway.11, EC2.183, EKS.9, SageMaker.16, SageMaker.17) and updating titles of existing controls (EC2.1, EC2.182) for better clarity. While these are security controls, there's no evidence they address specific newly discovered vulnerabilities - they appear to be routine expansion of security best practices coverage.
Diff
diff --git a/securityhub/latest/userguide/fsbp-standard.md b/securityhub/latest/userguide/fsbp-standard.md index 788ce5fcf..961f70e94 100644 --- a//securityhub/latest/userguide/fsbp-standard.md +++ b//securityhub/latest/userguide/fsbp-standard.md @@ -38,0 +39,2 @@ The following list specifies which AWS Security Hub CSPM controls apply to the A +[[APIGateway.11] API Gateway domain names should use recommended security policies](./apigateway-controls.html#apigateway-11) + @@ -171 +173 @@ The following list specifies which AWS Security Hub CSPM controls apply to the A -[[EC2.1] Amazon EBS snapshots should not be publicly restorable](./ec2-controls.html#ec2-1) +[[EC2.1] Amazon EBS snapshots should not be configured to be publicly restorable](./ec2-controls.html#ec2-1) @@ -233 +235,3 @@ The following list specifies which AWS Security Hub CSPM controls apply to the A -[[EC2.182] Amazon EBS Snapshots should not be publicly accessible](./ec2-controls.html#ec2-182) +[[EC2.182] Block public access settings should be enabled for Amazon EBS snapshots](./ec2-controls.html#ec2-182) + +[[EC2.183] EC2 VPN connections should use IKEv2 protocol](./ec2-controls.html#ec2-183) @@ -290,0 +295,2 @@ The following list specifies which AWS Security Hub CSPM controls apply to the A +[[EKS.9] EKS node groups should run on a supported Kubernetes version](./eks-controls.html#eks-9) + @@ -676,0 +683,4 @@ The following list specifies which AWS Security Hub CSPM controls apply to the A +[[SageMaker.16] SageMaker models should use private registry in VPC for primary containers](./sagemaker-controls.html#sagemaker-16) + +[[SageMaker.17] SageMaker feature group offline stores should be encrypted with AWS KMS keys](./sagemaker-controls.html#sagemaker-17) +