AWS Audit Manager Documentation

AWS Audit Manager helps you continuously audit your AWS usage to help simplify how you assess risk and compliance with regulations and industry standards. Audit Manager makes it easier to assess if your policies, procedures, and activities, also known as controls, are operating effectively. Audit Manager offers prebuilt frameworks with controls that are mapped to common industry standards and regulations, full customization of frameworks and controls, and automated collection and organization of evidence from your AWS usage as defined by each control requirement. When it is time for an audit, AWS Audit Manager helps you manage stakeholder reviews of your controls.

Prebuilt frameworks

AWS Audit Manager offers prebuilt frameworks that cover a range of compliance standards, and they are developed with AWS best practices in mind. These frameworks help map your AWS resources to the requirements for industry standards and regulations.

Custom frameworks and controls

AWS Audit Manager enables you to build your own framework, using either custom controls or AWS-managed controls, to help you meet your audit requirements. Customizing an Audit Manager framework helps you evaluate controls in your existing framework for compliance with your particular business requirements. You can define custom controls to collect evidence from specific data sources to help show that you are meeting internal audit and compliance requirements. Each piece of evidence becomes a record containing the information you can use to demonstrate compliance with requirements specified by a control.

Automated evidence collection

Once an assessment has been defined and launched, AWS Audit Manager automatically collects data for the AWS account and services you have defined to be in scope for an audit. The evidence contains both the data captured from a resource and metadata that indicates which control the data supports, to help you demonstrate security, change management, business continuity, and software licensing compliance. Audit Manager collects and organizes evidence from AWS CloudTrail and other AWS services you may be using. You can also manually upload other evidence, such as policy documents, training transcripts, and architecture diagrams, to stay organized.

Multi-account evidence collection

AWS Audit Manager supports multiple accounts via integration with AWS Organizations. Audit Manager assessments can run over multiple accounts and will collect and consolidate evidence into a delegated administrator account in AWS Organizations.

Delegation workflow

You can delegate control sets to team members who are specialized in certain topic areas, such as network infrastructure, identity management, software licensing, or personnel policies. The delegation feature enables the support team members to review the control set and related evidence, add comments, upload additional evidence, and update the status of each control.

Audit-ready reports

AWS Audit Manager automates evidence collection and organizes the evidence as defined by the control set in the framework you selected. You and your team can review evidence, comment on evidence, upload other supporting evidence, and update the status of each control. You then select the relevant evidence to include in your assessment report and generate a final assessment report to share with your auditors. The final assessment report contains a summary file on your assessment and provides links to an organized set of folders containing related evidence, which are named and organized as defined by the control set in each framework. The Audit Manager assessment report uses cryptographic verification to help you ensure the integrity of the assessment report.

Additional Information

For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see https://docs.aws.amazon.com/index.html. This additional information does not form part of the Documentation for purposes of the AWS Customer Agreement available at http://aws.amazon.com/agreement, or other agreement between you and AWS governing your use of AWS’s services.