AWS Security ChangesHomeSearch

AWS securityhub documentation change

Service: securityhub · 2026-07-10 · Documentation low

File: securityhub/latest/userguide/securityhub-setup-prereqs.md

Summary

Clarified AWS Config requirements for multicloud standards and added information about automatic service-linked recorders for external cloud resources

Security assessment

The changes provide clearer setup instructions for multicloud security monitoring features but do not address any specific security vulnerability. The update documents existing security feature behavior rather than responding to a security incident.

Diff

diff --git a/securityhub/latest/userguide/securityhub-setup-prereqs.md b/securityhub/latest/userguide/securityhub-setup-prereqs.md
index 0c780714f..f7157b8f4 100644
--- a//securityhub/latest/userguide/securityhub-setup-prereqs.md
+++ b//securityhub/latest/userguide/securityhub-setup-prereqs.md
@@ -18,0 +19,2 @@ If you have Security Hub CSPM enabled without Security Hub, you must manually en
+The AWS Config prerequisites described on this page apply only to AWS security standards, such as AWS Foundational Security Best Practices and CIS AWS Foundations Benchmark. Multicloud standards, such as CIS Azure Foundations Benchmark v4.0.0, do _not_ require you to enable AWS Config recording or configure a configuration recorder. The Security Hub CSPM multicloud connector automatically sets up a service-linked recorder to evaluate external cloud resources. The only prerequisite for multicloud standards is a Security Hub CSPM connector for the external cloud provider.
+