AWS Security ChangesHomeSearch

AWS securityhub documentation change

Service: securityhub · 2026-07-10 · Documentation low

File: securityhub/latest/userguide/configuration-policies-overview.md

Summary

Added note that multicloud standards (e.g., CIS Azure) cannot be included in configuration policies and will throw errors if attempted.

Security assessment

This clarifies a feature limitation but does not address security issues or document security-specific capabilities.

Diff

diff --git a/securityhub/latest/userguide/configuration-policies-overview.md b/securityhub/latest/userguide/configuration-policies-overview.md
index 786addedf..65ca76a06 100644
--- a//securityhub/latest/userguide/configuration-policies-overview.md
+++ b//securityhub/latest/userguide/configuration-policies-overview.md
@@ -36,0 +37,2 @@ If your policy configures a control that isn't available in the home Region or o
+  * **Multicloud standards are not supported in configuration policies** – Configuration policies can only include AWS security standards and controls. Multicloud standards, such as CIS Azure Foundations Benchmark v4.0.0, and their associated controls (for example, `Azure.Storage.1`) cannot be included in a configuration policy. If you include a multicloud standard ARN or control ID in a configuration policy, the request returns an `InvalidInputException`. To enable or configure multicloud standards, use local configuration mechanisms directly in the desired AWS account.
+