diff --git a/security-hub-controls.jsonl b/security-hub-controls.jsonl
index 4e08f91..9b6afbf 100644
--- a/security-hub-controls.jsonl
+++ b/security-hub-controls.jsonl 
@@ -10,6 +10,7 @@
 {"Id":"APIGateway.8","Title":"API Gateway routes should specify an authorization type","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","Service-Managed Standard: AWS Control Tower","NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","ScheduleType":"Periodic"}
 {"Id":"APIGateway.9","Title":"Access logging should be configured for API Gateway V2 Stages","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","Service-Managed Standard: AWS Control Tower","NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","ScheduleType":"Change triggered"}
 {"Id":"AppSync.2","Title":"AWS AppSync should have request-level and field-level logging turned on","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0"],"Severity":"MEDIUM","ScheduleType":"Change triggered"}
+{"Id":"Athena.1","Title":"Athena workgroups should be encrypted at rest","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0"],"Severity":"MEDIUM","ScheduleType":"Change triggered"}
 {"Id":"AutoScaling.1","Title":"Auto scaling groups associated with a Classic Load Balancer should use load balancer health checks","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","Service-Managed Standard: AWS Control Tower","PCI DSS v3.2.1","NIST SP 800-53 Rev. 5"],"Severity":"LOW","ScheduleType":"Change triggered"}
 {"Id":"AutoScaling.2","Title":"Amazon EC2 Auto Scaling group should cover multiple Availability Zones","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","Service-Managed Standard: AWS Control Tower","NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","ScheduleType":"Change triggered"}
 {"Id":"AutoScaling.3","Title":"Auto Scaling group launch configurations should configure EC2 instances to require Instance Metadata Service Version 2 (IMDSv2)","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","Service-Managed Standard: AWS Control Tower","NIST SP 800-53 Rev. 
5"],"Severity":"HIGH","ScheduleType":"Change triggered"} 
@@ -61,6 +62,8 @@
 {"Id":"CodeBuild.5","Title":"CodeBuild project environments should not have privileged mode enabled","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","Service-Managed Standard: AWS Control Tower","NIST SP 800-53 Rev. 5"],"Severity":"HIGH","ScheduleType":"Change triggered"}
 {"Id":"Config.1","Title":"AWS Config should be enabled","ApplicableStandards":["CIS AWS Foundations Benchmark v1.2.0","AWS Foundational Security Best Practices v1.0.0","PCI DSS v3.2.1","CIS AWS Foundations Benchmark v1.4.0","NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","ScheduleType":"Periodic"}
 {"Id":"DMS.1","Title":"Database Migration Service replication instances should not be public","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","Service-Managed Standard: AWS Control Tower","PCI DSS v3.2.1","NIST SP 800-53 Rev. 5"],"Severity":"CRITICAL","ScheduleType":"Periodic"}
+{"Id":"DocumentDB.1","Title":"Amazon DocumentDB clusters should be encrypted at rest","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","NIST SP 800-53 Rev. 5"],"Severity":"Medium","ScheduleType":"Change triggered"}
+{"Id":"DocumentDB.2","Title":"Amazon DocumentDB clusters should have an adequate backup retention period","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","NIST SP 800-53 Rev. 5"],"Severity":"Medium","ScheduleType":"Change triggered"}
 {"Id":"DynamoDB.1","Title":"DynamoDB tables should automatically scale capacity with demand","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","Service-Managed Standard: AWS Control Tower","NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","ScheduleType":"Periodic"}
 {"Id":"DynamoDB.2","Title":"DynamoDB tables should have point-in-time recovery enabled","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","Service-Managed Standard: AWS Control Tower","NIST SP 800-53 Rev. 
5"],"Severity":"MEDIUM","ScheduleType":"Change triggered"}
 {"Id":"DynamoDB.3","Title":"DynamoDB Accelerator (DAX) clusters should be encrypted at rest","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","ScheduleType":"Periodic"} 
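Review bot: The two added DocumentDB records use `"Severity":"Medium"` while every neighbouring record in this hunk spells the value `"MEDIUM"`, so any consumer that filters, groups or counts on an exact-match severity value will silently drop these controls. The same mixed casing appears in the Neptune hunk below (Neptune.4 and Neptune.8 use `"Low"`, Neptune.5 through Neptune.7 use `"Medium"`). Normalise the new lines to the upper-case form already used throughout the file, `"Severity":"MEDIUM"` and `"Severity":"LOW"`, and consider a CI check that asserts each record's Severity is one of the values already present so the drift cannot recur.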
@@ -172,6 +175,14 @@
 {"Id":"Lambda.2","Title":"Lambda functions should use supported runtimes","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","Service-Managed Standard: AWS Control Tower","NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","ScheduleType":"Change triggered"}
 {"Id":"Lambda.3","Title":"Lambda functions should be in a VPC","ApplicableStandards":["PCI DSS v3.2.1","NIST SP 800-53 Rev. 5"],"Severity":"LOW","ScheduleType":"Change triggered"}
 {"Id":"Lambda.5","Title":"VPC Lambda functions should operate in more than one Availability Zone","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","Service-Managed Standard: AWS Control Tower","NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","ScheduleType":"Change triggered"}
+{"Id":"Neptune.1","Title":"Neptune DB clusters should be encrypted at rest","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","ScheduleType":"Periodic"}
+{"Id":"Neptune.2","Title":"Neptune DB clusters should publish audit logs to CloudWatch Logs","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","ScheduleType":"Periodic"}
+{"Id":"Neptune.3","Title":"Neptune DB cluster snapshots should not be public","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","NIST SP 800-53 Rev. 5"],"Severity":"CRITICAL","ScheduleType":"Change triggered"}
+{"Id":"Neptune.4","Title":"Neptune DB clusters should have deletion protection enabled","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","NIST SP 800-53 Rev. 5"],"Severity":"Low","ScheduleType":"Change triggered"}
+{"Id":"Neptune.5","Title":"Neptune DB clusters should have automated backups enabled","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","NIST SP 800-53 Rev. 
5"],"Severity":"Medium","ScheduleType":"Change triggered"}
+{"Id":"Neptune.6","Title":"Neptune DB cluster snapshots should be encrypted at rest","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","NIST SP 800-53 Rev. 5"],"Severity":"Medium","ScheduleType":"Change triggered"}
+{"Id":"Neptune.7","Title":"Neptune DB clusters should have IAM database authentication enabled","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","NIST SP 800-53 Rev. 5"],"Severity":"Medium","ScheduleType":"Change triggered"}
+{"Id":"Neptune.8","Title":"Neptune DB clusters should be configured to copy tags to snapshots","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","NIST SP 800-53 Rev. 5"],"Severity":"Low","ScheduleType":"Change triggered"}
 {"Id":"NetworkFirewall.3","Title":"Network Firewall policies should have at least one rule group associated","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","Service-Managed Standard: AWS Control Tower","NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","ScheduleType":"Change triggered"}
 {"Id":"NetworkFirewall.4","Title":"The default stateless action for Network Firewall policies should be drop or forward for full packets","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","Service-Managed Standard: AWS Control Tower","NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","ScheduleType":"Change triggered"}
 {"Id":"NetworkFirewall.5","Title":"The default stateless action for Network Firewall policies should be drop or forward for fragmented packets","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","Service-Managed Standard: AWS Control Tower","NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","ScheduleType":"Change triggered"} 
@@ -210,6 +221,7 @@
 {"Id":"RDS.24","Title":"RDS Database Clusters should use a custom administrator username","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","ScheduleType":"Change triggered"}
 {"Id":"RDS.25","Title":"RDS database instances should use a custom administrator username","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","Service-Managed Standard: AWS Control Tower","NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","ScheduleType":"Change triggered"}
 {"Id":"RDS.26","Title":"RDS DB instances should be protected by a backup plan","ApplicableStandards":["NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","ScheduleType":"Periodic"}
+{"Id":"RDS.27","Title":"RDS DB clusters should be encrypted at rest","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","ScheduleType":"Change triggered"}
 {"Id":"Redshift.1","Title":"Amazon Redshift clusters should prohibit public access","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","Service-Managed Standard: AWS Control Tower","PCI DSS v3.2.1","NIST SP 800-53 Rev. 5"],"Severity":"CRITICAL","ScheduleType":"Change triggered"}
 {"Id":"Redshift.2","Title":"Connections to Amazon Redshift clusters should be encrypted in transit","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","Service-Managed Standard: AWS Control Tower","NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","ScheduleType":"Change triggered"}
 {"Id":"Redshift.3","Title":"Amazon Redshift clusters should have automatic snapshots enabled","ApplicableStandards":["AWS Foundational Security Best Practices v1.0.0","NIST SP 800-53 Rev. 5"],"Severity":"MEDIUM","ScheduleType":"Change triggered"}