AWS Security ChangesHomeSearch

AWS securityhub documentation change

Service: securityhub · 2026-07-10 · Documentation low

File: securityhub/latest/userguide/enable-standards.md

Summary

Added details about multicloud standards requiring CSPM connectors and clarified subscription status behavior when connectors are missing.

Security assessment

Documents how to properly configure multicloud security standards (a security feature) but does not resolve a security vulnerability.

Diff

diff --git a/securityhub/latest/userguide/enable-standards.md b/securityhub/latest/userguide/enable-standards.md
index 2b1535036..17100b870 100644
--- a//securityhub/latest/userguide/enable-standards.md
+++ b//securityhub/latest/userguide/enable-standards.md
@@ -14,0 +15,2 @@ To optimize coverage and the accuracy of findings, enable and configure resource
+Multicloud security standards, such as CIS Azure Foundations Benchmark v4.0.0, have different requirements than AWS standards. Multicloud standards require a Security Hub CSPM connector for the external cloud provider and do not require you to configure AWS Config or manually create a configuration recorder. The Security Hub CSPM multicloud connector automatically sets up a service-linked recorder to evaluate resources in the external cloud environment.
+
@@ -127 +129,3 @@ Security Hub CSPM wasn't able to enable the standard completely for the account.
-To determine why the standard wasn't enabled completely, refer to the information in the `StandardsStatusReason` array. This array specifies issues that prevented Security Hub CSPM from enabling the standard. If an internal error occurred, try enabling the standard for the account again. For other types of issues, [check your AWS Config settings](./securityhub-setup-prereqs.html). You can also [disable individual controls](./disable-controls-overview.html) that you don't want to check, or disable the standard completely.
+For multicloud standards, the subscription enters `INCOMPLETE` with a status reason of `NO_AVAILABLE_MULTICLOUD_CONNECTOR` if you enable the standard without a CSPM connector. The subscription automatically transitions to `READY` when a connector becomes available.
+
+To determine why the standard wasn't able to be enabled completely, refer to the information in the `StandardsStatusReason` array. This array specifies issues that prevented Security Hub CSPM from enabling the standard. If an internal error occurred, try enabling the standard for the account again. For other types of issues, [check your AWS Config settings](./securityhub-setup-prereqs.html). You can also [disable individual controls](./disable-controls-overview.html) that you don't want to check, or disable the standard completely.