AWS Audit Manager features

AWS Audit Manager is an AWS service for compliance reporting that helps with IT audit preparation. The service is focused on prepackaged reporting for compliance officers and internal/external auditors. The service consolidates compliance data from AWS Config and AWS Security Hub, and collects audit evidence via API calls to AWS services and from AWS CloudTrail events.

Audit Manager currently provides prebuilt frameworks with mapping of IT controls (a procedure or policy that helps verify a requirement is met) to data sources, reducing the burden of understanding technical details of AWS usage. These frameworks help map your AWS resources to the requirements for industry standards and regulations. Examples of prebuilt frameworks in AWS Audit Manager include the Payment Card Industry Data Security Standard (PCI DSS) V4.0, the Systems and Organization Controls 2 (SOC 2), NIST 800-53 (Rev 5) Low-Moderate-High, the Health Insurance Portability and Accountability Act (HIPAA) Final Omnibus Security Rule 2013, CIS Benchmark for CIS Amazon Web Services Foundations Benchmark v1.2.0 & v1.3.0, CIS Controls v7.1 Implementation Group 1, FedRAMP Moderate Baseline, the General Data Protection Regulation (GDPR), and the GxP 21 CFR part 11. Refer to the full list of supported frameworks in AWS Audit Manager documentation.

AWS Audit Manager allows customization of existing prebuilt frameworks, or creation of custom controls and custom frameworks from scratch. You can define custom controls to collect evidence from AWS managed common controls or from specific data sources to help show you are meeting internal audit and compliance requirements.

AWS Audit Manager offers a library of common controls that helps customers quickly navigate the replication of their own enterprise controls, without needing to map each enterprise control down to the AWS data-source level. All the relevant AWS data sources for evidence (API calls, CloudTrail events, AWS Config rules, Security Hub checks) are mapped to these controls. These mappings are updated automatically, e.g. if a new AWS Config rule is launched, that rule will be added to the relevant common controls. As a result, evidence mappings against a common control provides the latest set of automated evidence available in AWS, without requiring customers to manage or update mappings manually.

Once an assessment has been defined and launched, AWS Audit Manager automatically collects data for the AWS accounts that you defined to be in scope for your audit. The evidence contains both the data captured from that resource as well as metadata that indicates which control the data supports to help you demonstrate security, change management, business continuity, and software licensing compliance. Audit Manager collects and organizes evidence from AWS CloudTrail and other AWS services you may be using, such as AWS Config, AWS Security Hub, and AWS License Manager. You can also manually upload other evidence, such as policy documents, training transcripts, and architecture diagrams, to stay organized.

AWS Audit Manager supports multiple accounts via integration with AWS Organizations. Audit Manager assessments can run over multiple accounts and will collect and consolidate evidence into a delegated administrator account in AWS Organizations.

You can delegate control sets to team members who are specialized in certain topic areas, such as network infrastructure, identity management, software licensing, or personnel policies. The delegation feature enables the support team members to review the control set and related evidence, add comments, upload additional evidence, and update the status of each control.

AWS Audit Manager more easily allows you to sift through thousands of pieces of collected evidence from multiple disparate sources, using search filters and groupings to identify trends and cross-reference issues. This will help you deep dive into issues identified via flagged compliance checks in the service, either in assessments – an automated data collection process against a specific set of controls – or on the AWS Audit Manager dashboard. To start searching through your evidence, go to the left navigation menu in the AWS Audit Manager console and select the ‘Evidence Finder’ page, choose the assessment and time-range you want to search through, and then select the parameters and filters for your search. You can also export evidence from your search results as a comma-separated values (CSV) file. Enabling this feature triggers ingestion and storage of AWS Audit Manager evidence into AWS CloudTrail Lake. CloudTrail Lake pricing applies.

AWS Audit Manager automates evidence collect and organizes the evidence as defined by the control set in the framework you selected. You and your team can review evidence, comment on evidence, upload other supporting evidence, and update the status of each control. You then select the relevant evidence to include in your assessment report and generate a final assessment report to share with your auditors. The final assessment report contains a summary file on your assessment and provides links to an organized set of folders containing related evidence, which are named and organized as defined by the control set in each framework. The Audit Manager assessment report uses cryptographic verification to help you ensure the integrity of the assessment report.

AWS Audit Manager provides features that help reduce the manual effort of third-party risk assessment. One example is the framework-sharing feature that allows you to share custom frameworks with your vendors in accordance with your organization's compliance requirements. Vendors can then gain access to these customized frameworks and use them to create assessments. In Audit Manager, an assessment is used to collect evidence for controls within the scope of your audit. Using the shared framework as a starting point, vendors can create an assessment that collects evidence for the controls in that framework.

Additionally, you can create vendor risk assessment questions and share them with your vendors and partners to collect audit evidence through text responses or documentation. These third parties can then package their responses, along with any uploaded files and automated evidence collected, into an assessment report and share them back with you.

Vendors can also export all of the automated evidence collected in their AWS accounts as a CSV file in evidence finder, making it simpler for them to share evidence with you in a widely supported format.