AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2026-07-10 · Documentation low

File: prescriptive-guidance/latest/essential-eight-maturity/theme-5.md

Summary

Updated title specificity, reformatted strategy heading, corrected link text and URL, fixed punctuation in network control recommendations, changed AWS Config rules to singular, and updated adjacent theme titles.

Security assessment

Changes are editorial improvements (formatting, punctuation, link updates) without introducing new security concepts or addressing vulnerabilities. The core security content about privilege restrictions and network controls remains unchanged.

Diff

diff --git a/prescriptive-guidance/latest/essential-eight-maturity/theme-5.md b/prescriptive-guidance/latest/essential-eight-maturity/theme-5.md
index 2379efae9..0157bc8cd 100644
--- a//prescriptive-guidance/latest/essential-eight-maturity/theme-5.md
+++ b//prescriptive-guidance/latest/essential-eight-maturity/theme-5.md
@@ -5 +5 @@
-[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[Reaching Essential Eight maturity on AWS](introduction.html)
+[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[Reaching Essential Eight maturity on AWS: Security and compliance for Australian organizations](introduction.html)
@@ -7 +7 @@
-Related best practicesImplementing this themeMonitoring this theme
+Related best practices in the AWS Well-Architected FrameworkImplementing this themeMonitoring this theme
@@ -11,3 +11 @@ Related best practicesImplementing this themeMonitoring this theme
-###### Essential Eight strategies covered
-
-Restrict administrative privileges
+**Essential Eight strategy covered** : Restrict administrative privileges
@@ -34 +32 @@ Consider implementing data perimeters between environments of different data cla
-  * [SEC07-BP02 Apply data protection controls based on data sensitivity](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_data_classification_define_protection.html)
+  * [SEC07-BP02 Define data protection controls based on sensitivity](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/sec_data_classification_define_protection.html)
@@ -61 +59 @@ Consider implementing data perimeters between environments of different data cla
-  * **Allow identities to access resources only from expected networks** – Use SCPs with the condition keys `aws:SourceIp`, `aws:SourceVpc`, `aws:SourceVpce`, and `aws:ViaAWSService`. This allows your identities to access resources only from expected IP addresses, VPCs, and VPC endpoints, and through AWS services.
+  * **Allow identities to access resources only from expected networks –** Use SCPs with the condition keys `aws:SourceIp`, `aws:SourceVpc`, `aws:SourceVpce`, and `aws:ViaAWSService`. This allows your identities to access resources only from expected IP addresses, VPCs, and VPC endpoints, and through AWS services.
@@ -63 +61 @@ Consider implementing data perimeters between environments of different data cla
-  * **Allow access to your resources only from expected networks** – Use resource-based policies with the condition keys `aws:SourceIp`, `aws:SourceVpc`, `aws:SourceVpce`, `aws:ViaAWSService`, and `aws:PrincipalIsAWSService`. This allows access to your resources only from expected IPs, from expected VPCs, from expected VPC endpoints, through AWS services, or when the calling identity is an AWS service.
+  * **Allow access to your resources only from expected networks –** Use resource-based policies with the condition keys `aws:SourceIp`, `aws:SourceVpc`, `aws:SourceVpce`, `aws:ViaAWSService`, and `aws:PrincipalIsAWSService`. This allows access to your resources only from expected IPs, from expected VPCs, from expected VPC endpoints, through AWS services, or when the calling identity is an AWS service.
@@ -77 +75 @@ Consider implementing data perimeters between environments of different data cla
-### Implement the following AWS Config rules
+### Implement the following AWS Config rule
@@ -90 +88 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please
-Theme 4: Identities
+Theme 4: Manage identities
@@ -92 +90 @@ Theme 4: Identities
-Theme 6: Backups
+Theme 6: Automate backups