AWS marketplace medium security documentation change
Summary
Updated security control language: replaced 'prior' with 'before' in multiple security attestations
Security assessment
Clarifies security controls around secure development (code reviews), data backups, and change notifications. Improves accuracy of existing security documentation but doesn't add new security content. Evidence: Direct modifications to security control descriptions including secure code review timing and change notification processes.
Diff
diff --git a/marketplace/latest/buyerguide/buyer-vendor-insights-view-profile.md b/marketplace/latest/buyerguide/buyer-vendor-insights-view-profile.md index 54a012301..6cd2cdfe5 100644 --- a//marketplace/latest/buyerguide/buyer-vendor-insights-view-profile.md +++ b//marketplace/latest/buyerguide/buyer-vendor-insights-view-profile.md @@ -188,2 +188,2 @@ Application Security 4.1.4 - Secure Software Development Lifecycle - Secure Conn -Application Security 4.1.5 - Secure Software Development Lifecycle - Image Backup | Are application image snapshots backed up? | Specify if image snapshots (such as systems supporting the application and systems hosting customer data) are backed up. If yes, is there a process to ensure that image snapshots containing scoped data are authorized prior to being snapped? Is access control implemented for the image snapshots? | Yes. Images are backed up with customer's and management's approval. -**Application security review** | Application Security 4.2.1 - Application Security Review - Secure Code Review | Is secure code review done prior to each release? | Specify if a security code review is done prior to each release. | Yes +Application Security 4.1.5 - Secure Software Development Lifecycle - Image Backup | Are application image snapshots backed up? | Specify if image snapshots (such as systems supporting the application and systems hosting customer data) are backed up. If yes, is there a process to ensure that image snapshots containing scoped data are authorized before being snapped? Is access control implemented for the image snapshots? | Yes. Images are backed up with customer's and management's approval. +**Application security review** | Application Security 4.2.1 - Application Security Review - Secure Code Review | Is secure code review done before each release? | Specify if a security code review is done before each release. | Yes @@ -202 +202 @@ Application Security 4.4.4 - Change Control Policy - Document and Log Changes | -Application Security 4.4.5 - Change Control Policy - Change Notification for Buyers (Requires manual attestation) | Is there a formal process to ensure customers are notified prior to changes being made which may impact their service? | Specify if customers will be notified prior to making changes that may impact their service. If yes, what is the SLA to notify customers about impacting changes? | Yes. We notify customers 90 days before impacting changes. +Application Security 4.4.5 - Change Control Policy - Change Notification for Buyers (Requires manual attestation) | Is there a formal process to ensure customers are notified before changes being made which may impact their service? | Specify if customers will be notified before making changes that may impact their service. If yes, what is the SLA to notify customers about impacting changes? | Yes. We notify customers 90 days before impacting changes.