AWS securityhub documentation change
Summary
Added clarification that multicloud controls (e.g., Azure) and their resource recording do not affect Config.1 evaluations, which only assess AWS resources. Notes that multicloud uses a service-linked recorder managed by CSPM connectors.
Security assessment
The change explains operational behavior of Config.1 evaluations but does not address security vulnerabilities or document new security features.
Diff
diff --git a/securityhub/latest/userguide/config-controls.md b/securityhub/latest/userguide/config-controls.md index 665e528dc..6841cecad 100644 --- a//securityhub/latest/userguide/config-controls.md +++ b//securityhub/latest/userguide/config-controls.md @@ -20,0 +21,2 @@ When Security Hub CSPM and Security Hub are enabled the Config.1 rule will alway +Multicloud controls (such as Azure controls) and their associated resource recording are not factored into Config.1 evaluations. Multicloud standards always use an internal service-linked configuration recorder that the CSPM multicloud connector sets up automatically, regardless of Security Hub enablement status. Because multicloud recording is fully managed by the connector, it does not affect Config.1 compliance status. Config.1 evaluates only AWS resource recording configuration. +