AWS securityhub documentation change
Summary
Added entry for June 29, 2026 documenting that EFS.6 control is being added to NIST/PCI standards and will be removed from FSBP standard on July 30, 2026.
Security assessment
The change documents a control migration between compliance standards but doesn't indicate any security vulnerability being fixed. It maintains security documentation by tracking control lifecycle.
Diff
diff --git a/securityhub/latest/userguide/controls-change-log.md b/securityhub/latest/userguide/controls-change-log.md index a6f7af0a1..a05275560 100644 --- a//securityhub/latest/userguide/controls-change-log.md +++ b//securityhub/latest/userguide/controls-change-log.md @@ -14,0 +15 @@ Date of change | Control ID and title | Description of change +June 29, 2026 | [[EFS.6] EFS mount targets should not be associated with subnets that assign public IP addresses on launch](./efs-controls.html#efs-6) | Security Hub CSPM has added this control to the following applicable standards – the [NIST SP 800-53 Rev. 5 standard](https://docs.aws.amazon.com/securityhub/latest/userguide/nist-standard.html), the [NIST SP 800-171 Revision 2 standard](https://docs.aws.amazon.com/securityhub/latest/userguide/standards-reference-nist-800-171.html), and the [PCI DSS v4.0.1 standard](https://docs.aws.amazon.com/securityhub/latest/userguide/pci-standard.html). On July 30, 2026, this control will be removed from the [AWS Foundational Security Best Practices (FSBP) standard](https://docs.aws.amazon.com/securityhub/latest/userguide/fsbp-standard.html).