AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2026-07-10 · Documentation low

File: prescriptive-guidance/latest/essential-eight-maturity/patch-applications.md

Summary

Updated document title to include 'Security and compliance for Australian organizations', fixed markdown table formatting, and updated Well-Architected Framework links from 'security-pillar' to 'framework' directory.

Security assessment

Changes are primarily documentation formatting fixes and URL updates without introducing new security content or addressing vulnerabilities. The Essential Eight context is security-related, but these specific changes don't reference exploits, vulnerabilities, or security incidents.

Diff

diff --git a/prescriptive-guidance/latest/essential-eight-maturity/patch-applications.md b/prescriptive-guidance/latest/essential-eight-maturity/patch-applications.md
index 4cb000559..83c68bd03 100644
--- a//prescriptive-guidance/latest/essential-eight-maturity/patch-applications.md
+++ b//prescriptive-guidance/latest/essential-eight-maturity/patch-applications.md
@@ -5 +5 @@
-[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[Reaching Essential Eight maturity on AWS](introduction.html)
+[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[Reaching Essential Eight maturity on AWS: Security and compliance for Australian organizations](introduction.html)
@@ -11 +11 @@ Essential Eight control | Implementation guidance | AWS resources | AWS Well-Arc
-An automated method of asset discovery is used at least fortnightly to support the detection of assets for subsequent vulnerability scanning activities. | [Theme 1: Use managed services](./theme-1.html): Scan for vulnerabilities[Theme 2: Manage immutable infrastructure through secure pipelines](./theme-2.html): Implement vulnerability scanning[Theme 3: Manage mutable infrastructure with automation](./theme-3.html): Implement vulnerability scanning | [Enable Amazon Inspector in all accounts in your organization](https://docs.aws.amazon.com/inspector/latest/user/designating-admin.html)[Configure enhanced scanning for Amazon ECR repositories by using Amazon Inspector](https://docs.aws.amazon.com/inspector/latest/user/scanning-ecr.html#configure-ecr)[Build a vulnerability management program to triage and remediate security findings](https://docs.aws.amazon.com/prescriptive-guidance/latest/vulnerability-management/) | [SEC06-BP01 Perform vulnerability management](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_protect_compute_vulnerability_management.html)[SEC06-BP05 Automate compute protection](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_protect_compute_auto_protection.html)  
+An automated method of asset discovery is used at least fortnightly to support the detection of assets for subsequent vulnerability scanning activities.| [Theme 1: Use managed services](./theme-1.html): Scan for vulnerabilities[Theme 2: Manage immutable infrastructure through secure pipelines](./theme-2.html): Implement vulnerability scanning[Theme 3: Manage mutable infrastructure with automation](./theme-3.html): Implement vulnerability scanning| [Enable Amazon Inspector in all accounts in your organization](https://docs.aws.amazon.com/inspector/latest/user/designating-admin.html)[Configure enhanced scanning for Amazon ECR repositories by using Amazon Inspector](https://docs.aws.amazon.com/inspector/latest/user/scanning-ecr.html#configure-ecr)[Build a vulnerability management program to triage and remediate security findings](https://docs.aws.amazon.com/prescriptive-guidance/latest/vulnerability-management/)| [SEC06-BP01 Perform vulnerability management](https://docs.aws.amazon.com/wellarchitected/latest/framework/sec_protect_compute_vulnerability_management.html)[SEC06-BP05 Automate compute protection](https://docs.aws.amazon.com/wellarchitected/latest/framework/sec_protect_compute_auto_protection.html)  
@@ -13 +13 @@ An automated method of asset discovery is used at least fortnightly to support t
-A vulnerability scanner with an up-to-date vulnerability database is used for vulnerability scanning activities. | [Theme 1: Use managed services](./theme-1.html): Scan for vulnerabilities[Theme 2: Manage immutable infrastructure through secure pipelines](./theme-2.html): Implement vulnerability scanning[Theme 3: Manage mutable infrastructure with automation](./theme-3.html): Implement vulnerability scanning | [Enable Amazon Inspector in all accounts in your organization](https://docs.aws.amazon.com/inspector/latest/user/designating-admin.html)[Configure enhanced scanning for Amazon ECR repositories by using Amazon Inspector](https://docs.aws.amazon.com/inspector/latest/user/scanning-ecr.html#configure-ecr)[Build a vulnerability management program to triage and remediate security findings](https://docs.aws.amazon.com/prescriptive-guidance/latest/vulnerability-management/) | [SEC06-BP01 Perform vulnerability management](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_protect_compute_vulnerability_management.html)[SEC06-BP05 Automate compute protection](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_protect_compute_auto_protection.html)  
+A vulnerability scanner with an up-to-date vulnerability database is used for vulnerability scanning activities.| [Theme 1: Use managed services](./theme-1.html): Scan for vulnerabilities[Theme 2: Manage immutable infrastructure through secure pipelines](./theme-2.html): Implement vulnerability scanning[Theme 3: Manage mutable infrastructure with automation](./theme-3.html): Implement vulnerability scanning| [Enable Amazon Inspector in all accounts in your organization](https://docs.aws.amazon.com/inspector/latest/user/designating-admin.html)[Configure enhanced scanning for Amazon ECR repositories by using Amazon Inspector](https://docs.aws.amazon.com/inspector/latest/user/scanning-ecr.html#configure-ecr)[Build a vulnerability management program to triage and remediate security findings](https://docs.aws.amazon.com/prescriptive-guidance/latest/vulnerability-management/)| [SEC06-BP01 Perform vulnerability management](https://docs.aws.amazon.com/wellarchitected/latest/framework/sec_protect_compute_vulnerability_management.html)[SEC06-BP05 Automate compute protection](https://docs.aws.amazon.com/wellarchitected/latest/framework/sec_protect_compute_auto_protection.html)  
@@ -16,3 +16,3 @@ A vulnerability scanner is used at least weekly to identify missing patches or u
-A vulnerability scanner is used at least fortnightly to identify missing patches or updates for security vulnerabilities in other applications. | [Theme 1: Use managed services](./theme-1.html): Scan for vulnerabilities[Theme 2: Manage immutable infrastructure through secure pipelines](./theme-2.html): Implement vulnerability scanning[Theme 3: Manage mutable infrastructure with automation](./theme-3.html): Implement vulnerability scanning | [Enable Amazon Inspector in all accounts in your organization](https://docs.aws.amazon.com/inspector/latest/user/designating-admin.html)[Configure enhanced scanning for Amazon ECR repositories by using Amazon Inspector](https://docs.aws.amazon.com/inspector/latest/user/scanning-ecr.html#configure-ecr)[Build a vulnerability management program to triage and remediate security findings](https://docs.aws.amazon.com/prescriptive-guidance/latest/vulnerability-management/) | [SEC06-BP01 Perform vulnerability management](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_protect_compute_vulnerability_management.html)[SEC06-BP05 Automate compute protection](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_protect_compute_auto_protection.html)  
-Patches, updates or vendor mitigations for security vulnerabilities in internet-facing services are applied within two weeks of release, or within 48 hours if an exploit exists. | [Theme 1: Use managed services](./theme-1.html): Scan for vulnerabilities[Theme 2: Manage immutable infrastructure through secure pipelines](./theme-2.html): Implement vulnerability scanning[Theme 3: Manage mutable infrastructure with automation](./theme-3.html): Implement vulnerability scanning | [Enable Amazon Inspector in all accounts in your organization](https://docs.aws.amazon.com/inspector/latest/user/designating-admin.html)[Configure enhanced scanning for Amazon ECR repositories by using Amazon Inspector](https://docs.aws.amazon.com/inspector/latest/user/scanning-ecr.html#configure-ecr)[Build a vulnerability management program to triage and remediate security findings](https://docs.aws.amazon.com/prescriptive-guidance/latest/vulnerability-management/) | [SEC06-BP01 Perform vulnerability management](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_protect_compute_vulnerability_management.html)  
-[Theme 3: Manage mutable infrastructure with automation](./theme-3.html): Automate patching | [Enable Patch Manager in all accounts in your AWS organization](https://docs.aws.amazon.com/prescriptive-guidance/latest/patch-management-hybrid-cloud/design-standard.html) | [SEC06-BP01 Perform vulnerability management](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_protect_compute_vulnerability_management.html)[SEC06-BP05 Automate compute protection](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_protect_compute_auto_protection.html)  
+A vulnerability scanner is used at least fortnightly to identify missing patches or updates for security vulnerabilities in other applications.| [Theme 1: Use managed services](./theme-1.html): Scan for vulnerabilities[Theme 2: Manage immutable infrastructure through secure pipelines](./theme-2.html): Implement vulnerability scanning[Theme 3: Manage mutable infrastructure with automation](./theme-3.html): Implement vulnerability scanning| [Enable Amazon Inspector in all accounts in your organization](https://docs.aws.amazon.com/inspector/latest/user/designating-admin.html)[Configure enhanced scanning for Amazon ECR repositories by using Amazon Inspector](https://docs.aws.amazon.com/inspector/latest/user/scanning-ecr.html#configure-ecr)[Build a vulnerability management program to triage and remediate security findings](https://docs.aws.amazon.com/prescriptive-guidance/latest/vulnerability-management/)| [SEC06-BP01 Perform vulnerability management](https://docs.aws.amazon.com/wellarchitected/latest/framework/sec_protect_compute_vulnerability_management.html)[SEC06-BP05 Automate compute protection](https://docs.aws.amazon.com/wellarchitected/latest/framework/sec_protect_compute_auto_protection.html)  
+Patches, updates or vendor mitigations for security vulnerabilities in internet-facing services are applied within two weeks of release, or within 48 hours if an exploit exists.| [Theme 1: Use managed services](./theme-1.html): Scan for vulnerabilities[Theme 2: Manage immutable infrastructure through secure pipelines](./theme-2.html): Implement vulnerability scanning[Theme 3: Manage mutable infrastructure with automation](./theme-3.html): Implement vulnerability scanning| [Enable Amazon Inspector in all accounts in your organization](https://docs.aws.amazon.com/inspector/latest/user/designating-admin.html)[Configure enhanced scanning for Amazon ECR repositories by using Amazon Inspector](https://docs.aws.amazon.com/inspector/latest/user/scanning-ecr.html#configure-ecr)[Build a vulnerability management program to triage and remediate security findings](https://docs.aws.amazon.com/prescriptive-guidance/latest/vulnerability-management/)| [SEC06-BP01 Perform vulnerability management](https://docs.aws.amazon.com/wellarchitected/latest/framework/sec_protect_compute_vulnerability_management.html)  
+[Theme 3: Manage mutable infrastructure with automation](./theme-3.html): Automate patching| [Enable Patch Manager in all accounts in your AWS organization](https://docs.aws.amazon.com/prescriptive-guidance/latest/patch-management-hybrid-cloud/design-standard.html)| [SEC06-BP01 Perform vulnerability management](https://docs.aws.amazon.com/wellarchitected/latest/framework/sec_protect_compute_vulnerability_management.html)[SEC06-BP05 Automate compute protection](https://docs.aws.amazon.com/wellarchitected/latest/framework/sec_protect_compute_auto_protection.html)  
@@ -20,3 +20,3 @@ Patches, updates or vendor mitigations for security vulnerabilities in office pr
-Patches, updates or vendor mitigations for security vulnerabilities in other applications are applied within one month of release. | [Theme 1: Use managed services](./theme-1.html): Scan for vulnerabilities[Theme 2: Manage immutable infrastructure through secure pipelines](./theme-2.html): Implement vulnerability scanning[Theme 3: Manage mutable infrastructure with automation](./theme-3.html): Implement vulnerability scanning | [Enable Amazon Inspector in all accounts in your organization](https://docs.aws.amazon.com/inspector/latest/user/designating-admin.html)[Configure enhanced scanning for Amazon ECR repositories by using Amazon Inspector](https://docs.aws.amazon.com/inspector/latest/user/scanning-ecr.html#configure-ecr)[Build a vulnerability management program to triage and remediate security findings](https://docs.aws.amazon.com/prescriptive-guidance/latest/vulnerability-management/) | [SEC06-BP01 Perform vulnerability management](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_protect_compute_vulnerability_management.html)  
-[Theme 3: Manage mutable infrastructure with automation](./theme-3.html): Automate patching | [Enable Patch Manager in all accounts in your AWS organization](https://docs.aws.amazon.com/prescriptive-guidance/latest/patch-management-hybrid-cloud/design-standard.html) | [SEC06-BP01 Perform vulnerability management](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_protect_compute_vulnerability_management.html)[SEC06-BP05 Automate compute protection](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_protect_compute_auto_protection.html)  
-Applications that are no longer supported by vendors are removed. | [Theme 8: Implement mechanisms for manual processes](./theme-8.html): Implement mechanisms to review and address compliance gaps | Consider using [AWS Systems Manager Inventory](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-inventory.html) to gain visibility into which instances are running software required by your software policy | [SEC06-BP02 Provision compute from hardened images](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_protect_compute_hardened_images.html)  
+Patches, updates or vendor mitigations for security vulnerabilities in other applications are applied within one month of release.| [Theme 1: Use managed services](./theme-1.html): Scan for vulnerabilities[Theme 2: Manage immutable infrastructure through secure pipelines](./theme-2.html): Implement vulnerability scanning[Theme 3: Manage mutable infrastructure with automation](./theme-3.html): Implement vulnerability scanning| [Enable Amazon Inspector in all accounts in your organization](https://docs.aws.amazon.com/inspector/latest/user/designating-admin.html)[Configure enhanced scanning for Amazon ECR repositories by using Amazon Inspector](https://docs.aws.amazon.com/inspector/latest/user/scanning-ecr.html#configure-ecr)[Build a vulnerability management program to triage and remediate security findings](https://docs.aws.amazon.com/prescriptive-guidance/latest/vulnerability-management/)| [SEC06-BP01 Perform vulnerability management](https://docs.aws.amazon.com/wellarchitected/latest/framework/sec_protect_compute_vulnerability_management.html)  
+[Theme 3: Manage mutable infrastructure with automation](./theme-3.html): Automate patching| [Enable Patch Manager in all accounts in your AWS organization](https://docs.aws.amazon.com/prescriptive-guidance/latest/patch-management-hybrid-cloud/design-standard.html)| [SEC06-BP01 Perform vulnerability management](https://docs.aws.amazon.com/wellarchitected/latest/framework/sec_protect_compute_vulnerability_management.html)[SEC06-BP05 Automate compute protection](https://docs.aws.amazon.com/wellarchitected/latest/framework/sec_protect_compute_auto_protection.html)  
+Applications that are no longer supported by vendors are removed.| [Theme 8: Implement mechanisms for manual processes](./theme-8.html): Implement mechanisms to review and address compliance gaps| Consider using [AWS Systems Manager Inventory](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-inventory.html) to gain visibility into which instances are running software required by your software policy| [SEC06-BP02 Provision compute from hardened images](https://docs.aws.amazon.com/wellarchitected/latest/framework/sec_protect_compute_hardened_images.html)