AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2026-07-10 · Documentation low

File: prescriptive-guidance/latest/strategy-data-at-rest-encryption/standards.md

Summary

Updated navigation links, added 'considerations' to section header, and reformatted FAQ references

Security assessment

Structural and formatting changes to existing encryption standards. No new security guidance added - maintains existing recommendations about encryption types and key management.

Diff

diff --git a/prescriptive-guidance/latest/strategy-data-at-rest-encryption/standards.md b/prescriptive-guidance/latest/strategy-data-at-rest-encryption/standards.md
index d29847d0e..84e9dc096 100644
--- a//prescriptive-guidance/latest/strategy-data-at-rest-encryption/standards.md
+++ b//prescriptive-guidance/latest/strategy-data-at-rest-encryption/standards.md
@@ -5 +5 @@
-[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[Creating an enterprise encryption strategy for data at rest](welcome.html)
+[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[Creating an enterprise encryption strategy for data at rest](introduction.html)
@@ -7 +7 @@
-Cost and performanceKey access controlEncryption typesEncryption key specificationsKey storage location
+Cost and performance considerationsKey access controlEncryption typesEncryption key specificationsKey storage location
@@ -9 +9 @@ Cost and performanceKey access controlEncryption typesEncryption key specificati
-# Encryption standards
+# Standards
@@ -11 +11 @@ Cost and performanceKey access controlEncryption typesEncryption key specificati
-Standards are derived from your policy. These are narrower in scope and help define the framework and architecture for implementation. For example, if your organization’s policy is to encrypt your data at rest, then a standard would define what type of encryption is required and provide general direction about how to adhere to the policy.
+Standards are derived from your policy. These are narrower in scope and help define the framework and architecture for implementation. For example, if your organization's policy is to encrypt your data at rest, then a standard would define what type of encryption is required and provide general direction about how to adhere to the policy.
@@ -77 +77 @@ In your standards, define which encryption types and features are suitable for y
-  * Document when to use symmetric and asymmetric encryption algorithms. For more information, see [When do I need symmetric encryption?](./faq.html#faq-symmetric-encryption) and [When do I need asymmetric encryption?](./faq.html#faq-asymmetric-encryption) in the _FAQ_ section.
+  * Document when to use symmetric and asymmetric encryption algorithms. For more information, see _When do I need symmetric encryption?_ and _When do I need asymmetric encryption?_ in the [FAQ](./faq.html) section.
@@ -79 +79 @@ In your standards, define which encryption types and features are suitable for y
-  * Decide whether you should use envelope encryption, and define the circumstances. For more information, see [When do I need envelope encryption?](./faq.html#faq-envelope-encryption) in the _FAQ_ section.
+  * Decide whether you should use envelope encryption, and define the circumstances. For more information, see _When do I need envelope encryption?_ in the [FAQ](./faq.html) section.
@@ -105 +105 @@ In your standards, consider the following when deciding where to store your encr
-  * Decide whether you want to store keys in a centralized location or with their corresponding data. For more information, see [Why should I centrally manage encryption keys?](./faq.html#faq-central-management) in the _FAQ_ section.
+  * Decide whether you want to store keys in a centralized location or with their corresponding data. For more information, see _Why should I centrally manage encryption keys?_ in the [FAQ](./faq.html) section.
@@ -107 +107 @@ In your standards, consider the following when deciding where to store your encr
-  * If you choose centralized storage, decide whether to store keys in an enterprise-managed infrastructure, such as a hardware security module (HSM), or a managed service provider, such as AWS Key Management Service. For more information, see [When do I need to use a hardware security module (HSM)?](./faq.html#faq-hsm) in the _FAQ_ section.
+  * If you choose centralized storage, decide whether to store keys in an enterprise-managed infrastructure, such as a hardware security module (HSM), or a managed service provider, such as AWS KMS. For more information, see _When do I need to use a hardware security module (HSM)?_ in the [FAQ](./faq.html) section.