From 50202b7658898bcc87ef22628c19cde35e8de944 Mon Sep 17 00:00:00 2001
From: badra001 <donald.e.badrak.ii@census.gov>
Date: Fri, 20 Mar 2026 10:25:42 -0400
Subject: [PATCH] add udpate for security groups

---
 aws/whats-new/terraform-modules/README.md | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/aws/whats-new/terraform-modules/README.md b/aws/whats-new/terraform-modules/README.md
index 82b8e4b3..1199c1f4 100644
--- a/aws/whats-new/terraform-modules/README.md
+++ b/aws/whats-new/terraform-modules/README.md
@@ -1,5 +1,16 @@
 # What's New with [Terraform Modules](https://github.e.it.census.gov/terraform-modules/)
 
+## 2026-03-19: [aws-common-security-groups//it-windows-base]https://github.e.it.census.gov/terraform-modules/aws-common-security-groups/tree/2.11.0/it-windows-base)
+
+This changes refactors the `it-windows-base` security group to use a YAML file (within the module) which sets up the appropriate 
+security group rules. This changes from using specific IP blocks to using Prefix Lists defined in the central network account, so that we may
+more easily adapt to IP changes for services.
+
+* 2.11.0 -- 2026-03-19
+  - it-windows-base
+    - refactor to use prefix lists and a YAML file
+    - remove obsolete servicenow scan rules
+
 ## 2026-03-13: [aws-sso//policies/sc-readonly](https://github.e.it.census.gov/terraform-modules/aws-sso/tree/1.6.0/policies/sc-readonly)
 
 This change moves the `sc-readonly` permissionset into a module, so we can change in one place for all organizations.