AWS Security ChangesHomeSearch

AWS securityhub documentation change

Service: securityhub · 2026-04-10 · Documentation low

File: securityhub/latest/userguide/securityhub-controls-reference.md

Summary

Added references to five new security controls in the controls reference table: APIGateway.11, EC2.183, EKS.9, SageMaker.16, and SageMaker.17

Security assessment

This change updates the reference table to include new security controls. While these controls address security best practices (TLS policies, VPN protocols, Kubernetes versions, and SageMaker security), there is no evidence they were added in response to specific security incidents.

Diff

diff --git a/securityhub/latest/userguide/securityhub-controls-reference.md b/securityhub/latest/userguide/securityhub-controls-reference.md
index 615bbf1f0..6beea62ad 100644
--- a//securityhub/latest/userguide/securityhub-controls-reference.md
+++ b//securityhub/latest/userguide/securityhub-controls-reference.md
@@ -48,0 +49 @@ Security control ID | Security control title | Applicable standards | Severity |
+[APIGateway.11](./apigateway-controls.html#apigateway-11) |  API Gateway domain names should use recommended security policies  |  AWS Foundational Security Best Practices  |  MEDIUM  |  No  |  Change triggered   
@@ -232,0 +234 @@ Security control ID | Security control title | Applicable standards | Severity |
+[EC2.183](./ec2-controls.html#ec2-183) | EC2 VPN connections should use IKEv2 protocol | AWS Foundational Security Best Practices | MEDIUM |  No | Change triggered  
@@ -268,0 +271 @@ Security control ID | Security control title | Applicable standards | Severity |
+[EKS.9](./eks-controls.html#eks-9) | EKS node groups should run on a supported Kubernetes version | AWS Foundational Security Best Practices | HIGH |  No | Change triggered  
@@ -561,0 +565,2 @@ Security control ID | Security control title | Applicable standards | Severity |
+[SageMaker.16](./sagemaker-controls.html#sagemaker-16) | SageMaker models should use private registry in VPC for primary containers | AWS Foundational Security Best Practices | MEDIUM |  No | Change triggered  
+[SageMaker.17](./sagemaker-controls.html#sagemaker-17) | SageMaker feature group offline stores should be encrypted with AWS KMS keys | AWS Foundational Security Best Practices | MEDIUM |  No | Change triggered