AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2026-07-10 · Documentation low

File: prescriptive-guidance/latest/essential-eight-maturity/patch-operating-systems.md

Summary

Updated document title and reorganized Well-Architected Framework best practice links. Changed URL paths from '/security-pillar/' to '/framework/' and adjusted BP references.

Security assessment

Changes involve documentation restructuring and updated links to AWS Well-Architected Framework. No specific vulnerability or security incident is mentioned. The content maintains existing security guidance about patch management without introducing new security features.

Diff

diff --git a/prescriptive-guidance/latest/essential-eight-maturity/patch-operating-systems.md b/prescriptive-guidance/latest/essential-eight-maturity/patch-operating-systems.md
index c61356308..b304ad579 100644
--- a//prescriptive-guidance/latest/essential-eight-maturity/patch-operating-systems.md
+++ b//prescriptive-guidance/latest/essential-eight-maturity/patch-operating-systems.md
@@ -5 +5 @@
-[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[Reaching Essential Eight maturity on AWS](introduction.html)
+[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[Reaching Essential Eight maturity on AWS: Security and compliance for Australian organizations](introduction.html)
@@ -17,2 +17,2 @@ Patches, updates or vendor mitigations for security vulnerabilities in operating
-[Share AMIs with the entire organization](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/share-amis-with-organizations-and-OUs.html)[Make sure that application teams are referencing the latest AMIs](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/walkthrough-custom-resources-lambda-lookup-amiids.html)[Use your AMI pipeline for patch management](https://docs.aws.amazon.com/imagebuilder/latest/userguide/security-patch-management.html) | [SEC01-BP05 Reduce security management scope](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_securely_operate_reduce_management_scope.html)[SEC06-BP01 Perform vulnerability management](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_protect_compute_vulnerability_management.html)[SEC06-BP03 Reduce manual management and interactive access](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_protect_compute_reduce_manual_management.html)  
-[Theme 1: Use managed services](./theme-1.html): Enable patching[Theme 3: Manage mutable infrastructure with automation](./theme-3.html): Automate patching | [Enable Patch Manager in all accounts in your AWS organization](https://docs.aws.amazon.com/prescriptive-guidance/latest/patch-management-hybrid-cloud/design-standard.html) | [SEC06-BP01 Perform vulnerability management](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_protect_compute_vulnerability_management.html)[SEC06-BP05 Automate compute protection](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_protect_compute_auto_protection.html)  
+[Share AMIs with the entire organization](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/share-amis-with-organizations-and-OUs.html)[Make sure that application teams are referencing the latest AMIs](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/walkthrough-custom-resources-lambda-lookup-amiids.html)[Use your AMI pipeline for patch management](https://docs.aws.amazon.com/imagebuilder/latest/userguide/security-patch-management.html)| [SEC06-BP01 Perform vulnerability management](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_protect_compute_vulnerability_management.html)[SEC01-BP05 Reduce security management scope](https://docs.aws.amazon.com/wellarchitected/latest/framework/sec_securely_operate_reduce_management_scope.html)[SEC06-BP02 Provision compute from hardened images](https://docs.aws.amazon.com/wellarchitected/latest/framework/sec_protect_compute_hardened_images.html)  
+[Theme 1: Use managed services](./theme-1.html): Enable patching[Theme 3: Manage mutable infrastructure with automation](./theme-3.html): Automate patching| [Enable Patch Manager in all accounts in your AWS organization](https://docs.aws.amazon.com/prescriptive-guidance/latest/patch-management-hybrid-cloud/design-standard.html)| [SEC06-BP04 Automate compute protection](https://docs.aws.amazon.com/wellarchitected/latest/framework/sec_protect_compute_auto_protection.html)[SEC06-BP01 Perform vulnerability management](https://docs.aws.amazon.com/wellarchitected/latest/framework/sec_protect_compute_vulnerability_management.html)  
@@ -25,3 +25,3 @@ Patches, updates or vendor mitigations for security vulnerabilities in operating
-[Share AMIs with the entire organization](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/share-amis-with-organizations-and-OUs.html)[Make sure that application teams are referencing the latest AMIs](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/walkthrough-custom-resources-lambda-lookup-amiids.html)[Use your AMI pipeline for patch management](https://docs.aws.amazon.com/imagebuilder/latest/userguide/security-patch-management.html) | [SEC01-BP05 Reduce security management scope](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_securely_operate_reduce_management_scope.html)[SEC06-BP01 Perform vulnerability management](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_protect_compute_vulnerability_management.html)[SEC06-BP02 Provision compute from hardened images](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_protect_compute_hardened_images.html)  
-[Theme 1: Use managed services](./theme-1.html): Enable patching[Theme 3: Manage mutable infrastructure with automation](./theme-3.html): Automate patching | [Enable Patch Manager in all accounts in your AWS organization](https://docs.aws.amazon.com/prescriptive-guidance/latest/patch-management-hybrid-cloud/design-standard.html) | [SEC06-BP01 Perform vulnerability management](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_protect_compute_vulnerability_management.html)[SEC06-BP05 Automate compute protection](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_protect_compute_auto_protection.html)  
-A vulnerability scanner is used at least daily to identify missing patches or updates for security vulnerabilities in operating systems of internet-facing services. | [Theme 1: Use managed services](./theme-1.html): Scan for vulnerabilities[Theme 2: Manage immutable infrastructure through secure pipelines](./theme-2.html): Implement vulnerability scanning[Theme 3: Manage mutable infrastructure with automation](./theme-3.html): Implement vulnerability scanning | [Enable Amazon Inspector in all accounts in your organization](https://docs.aws.amazon.com/inspector/latest/user/designating-admin.html)[Configure enhanced scanning for Amazon ECR repositories by using Amazon Inspector](https://docs.aws.amazon.com/inspector/latest/user/scanning-ecr.html#configure-ecr)[Build a vulnerability management program to triage and remediate security findings](https://docs.aws.amazon.com/prescriptive-guidance/latest/vulnerability-management/) | [SEC01-BP05 Reduce security management scope](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_securely_operate_reduce_management_scope.html)[SEC06-BP01 Perform vulnerability management](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_protect_compute_vulnerability_management.html)[SEC06-BP02 Provision compute from hardened images](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_protect_compute_hardened_images.html)  
+[Share AMIs with the entire organization](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/share-amis-with-organizations-and-OUs.html)[Make sure that application teams are referencing the latest AMIs](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/walkthrough-custom-resources-lambda-lookup-amiids.html)[Use your AMI pipeline for patch management](https://docs.aws.amazon.com/imagebuilder/latest/userguide/security-patch-management.html)| [SEC06-BP01 Perform vulnerability management](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_protect_compute_vulnerability_management.html)[SEC01-BP05 Reduce security management scope](https://docs.aws.amazon.com/wellarchitected/latest/framework/sec_securely_operate_reduce_management_scope.html)[SEC06-BP02 Provision compute from hardened images](https://docs.aws.amazon.com/wellarchitected/latest/framework/sec_protect_compute_hardened_images.html)  
+[Theme 1: Use managed services](./theme-1.html): Enable patching[Theme 3: Manage mutable infrastructure with automation](./theme-3.html): Automate patching| [Enable Patch Manager in all accounts in your AWS organization](https://docs.aws.amazon.com/prescriptive-guidance/latest/patch-management-hybrid-cloud/design-standard.html)| [SEC06-BP04 Automate compute protection](https://docs.aws.amazon.com/wellarchitected/latest/framework/sec_protect_compute_auto_protection.html)[SEC06-BP01 Perform vulnerability management](https://docs.aws.amazon.com/wellarchitected/latest/framework/sec_protect_compute_vulnerability_management.html)  
+A vulnerability scanner is used at least daily to identify missing patches or updates for security vulnerabilities in operating systems of internet-facing services.| [Theme 1: Use managed services](./theme-1.html): Scan for vulnerabilities[Theme 2: Manage immutable infrastructure through secure pipelines](./theme-2.html): Implement vulnerability scanning[Theme 3: Manage mutable infrastructure with automation](./theme-3.html): Implement vulnerability scanning| [Enable Amazon Inspector in all accounts in your organization](https://docs.aws.amazon.com/inspector/latest/user/designating-admin.html)[Configure enhanced scanning for Amazon ECR repositories by using Amazon Inspector](https://docs.aws.amazon.com/inspector/latest/user/scanning-ecr.html#configure-ecr)[Build a vulnerability management program to triage and remediate security findings](https://docs.aws.amazon.com/prescriptive-guidance/latest/vulnerability-management/)| [SEC06-BP01 Perform vulnerability management](https://docs.aws.amazon.com/wellarchitected/latest/framework/sec_protect_compute_vulnerability_management.html)[SEC01-BP05 Reduce security management scope](https://docs.aws.amazon.com/wellarchitected/latest/framework/sec_securely_operate_reduce_management_scope.html)[SEC06-BP02 Provision compute from hardened images](https://docs.aws.amazon.com/wellarchitected/latest/framework/sec_protect_compute_hardened_images.html)  
@@ -35 +35 @@ The latest release, or the previous release, of operating systems are used for w
-[Share AMIs with the entire organization](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/share-amis-with-organizations-and-OUs.html)[Make sure that application teams are referencing the latest AMIs](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/walkthrough-custom-resources-lambda-lookup-amiids.html)[Use your AMI pipeline for patch management](https://docs.aws.amazon.com/imagebuilder/latest/userguide/security-patch-management.html) | [SEC01-BP05 Reduce security management scope](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_securely_operate_reduce_management_scope.html)[SEC06-BP01 Perform vulnerability management](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_protect_compute_vulnerability_management.html)[SEC06-BP02 Provision compute from hardened images](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_protect_compute_hardened_images.html)  
+[Share AMIs with the entire organization](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/share-amis-with-organizations-and-OUs.html)[Make sure that application teams are referencing the latest AMIs](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/walkthrough-custom-resources-lambda-lookup-amiids.html)[Use your AMI pipeline for patch management](https://docs.aws.amazon.com/imagebuilder/latest/userguide/security-patch-management.html)| [SEC06-BP01 Perform vulnerability management](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_protect_compute_vulnerability_management.html)[SEC01-BP05 Reduce security management scope](https://docs.aws.amazon.com/wellarchitected/latest/framework/sec_securely_operate_reduce_management_scope.html)[SEC06-BP02 Provision compute from hardened images](https://docs.aws.amazon.com/wellarchitected/latest/framework/sec_protect_compute_hardened_images.html)