Posted On: May 6, 2021

AWS Audit Manager now offers three new prebuilt standard frameworks: NIST Cybersecurity Framework version 1.1, AWS Foundational Security Best Practices, and AWS Well-Architected framework. These frameworks add to the existing prebuilt frameworks provided in Audit Manager. With this release, you can launch an assessment from any of these frameworks with just a few clicks. Audit Manager will map your AWS resources to the requirements in the framework you choose and start gathering evidence automatically to help you scale your audit capability in the cloud as your business grows.

The NIST Cybersecurity Framework (CSF) is supported by governments and industries worldwide as a recommended baseline for use by any organization, regardless of its sector or size. The NIST Cybersecurity Framework consists of three primary components: the framework core, the profiles, and the implementation tiers. The framework core contains desired cybersecurity activities and outcomes organized into 23 categories that cover the breadth of cybersecurity objectives for an organization. The profiles contain an organization's unique alignment of their organizational requirements and objectives, risk appetite, and resources using the desired outcomes of the framework core. The implementation tiers describe the degree to which an organization’s cybersecurity risk management practices exhibit the characteristics defined in the framework core. Audit Manager currently supports the framework core component by offering 56 automated controls and 52 manual controls which are matched to 23 cybersecurity categories defined in the framework core. Audit Manager does not support profile and implementation components in this framework.

The AWS Foundational Security Best Practices is a standard released by AWS Security Hub. This standard offers a set of controls that detect when your deployed accounts and resources deviate from security best practices. The controls contain actionable and prescriptive guidance from across multiple AWS services. Each control is assigned to a category that reflects one security function. All 77 controls in this framework are automated in Audit Manager.

AWS Well-Architected helps cloud architects build secure, high-performing, resilient, and efficient infrastructure for their applications and workloads. This is a a set of recommendations and guidelines available from AWS. The AWS Well-Architected Tool, available at no cost in the AWS management console provides a mechanism for regularly evaluating your workloads, identifying high risk issues, and recording your improvements. Audit Manager now supports the Well-Architected framework to help customers evaluate architecture and implement designs. Al 15 controls in this framework are automated in Audit Manager

The controls offered by Audit Manager in the three frameworks do not guarantee that you will pass an assessment associated with that framework but instead help reduce effort and time in your assessment preparation and review.

These three frameworks are now available in all AWS Regions where AWS Audit Manager is offered. To learn more, see the NIST Cybersecurity Framework version 1.1, AWS Foundational Security Best Practices, and AWS Well-Architected framework in AWS Audit Manager documentation.