AWS Security ChangesHomeSearch

AWS securityhub documentation change

Service: securityhub · 2026-04-25 · Documentation medium

File: securityhub/latest/userguide/securityhub-controls-reference.md

Summary

Added entries for new security controls: BedrockAgentCore.1, BedrockAgentCore.2, RDS.51, and SageMaker.19 in the controls reference table.

Security assessment

This update adds references to new security controls as part of AWS Foundational Security Best Practices, improving documentation coverage. There is no evidence of addressing specific security incidents; it is a routine expansion of security guidance.

Diff

diff --git a/securityhub/latest/userguide/securityhub-controls-reference.md b/securityhub/latest/userguide/securityhub-controls-reference.md
index d1342edca..d04947440 100644
--- a//securityhub/latest/userguide/securityhub-controls-reference.md
+++ b//securityhub/latest/userguide/securityhub-controls-reference.md
@@ -80,0 +81,2 @@ Security control ID | Security control title | Applicable standards | Severity |
+[BedrockAgentCore.1](./bedrockagentcore-controls.html#bedrockagentcore-1) | Bedrock AgentCore runtimes should be configured with VPC network mode | AWS Foundational Security Best Practices | HIGH |  No | Change triggered  
+[BedrockAgentCore.2](./bedrockagentcore-controls.html#bedrockagentcore-2) | Bedrock AgentCore Gateways should require authorization for inbound requests | AWS Foundational Security Best Practices | HIGH |  No | Change triggered  
@@ -506,0 +509 @@ Security control ID | Security control title | Applicable standards | Severity |
+[RDS.51](./rds-controls.html#rds-51) | RDS global clusters should run on a supported Aurora MySQL version | AWS Foundational Security Best Practices | HIGH |  No | Change triggered  
@@ -568,0 +572 @@ Security control ID | Security control title | Applicable standards | Severity |
+[SageMaker.19](./sagemaker-controls.html#sagemaker-19) | SageMaker models should use private registry in VPC for multi-container inference pipelines | AWS Foundational Security Best Practices | MEDIUM |  No | Change triggered