AWS Audit Manager features
Page topics
General
Open allPrebuilt frameworks
Custom frameworks and controls
AWS Audit Manager allows customization of existing prebuilt frameworks, or creation of custom controls and custom frameworks from scratch. You can define custom controls to collect evidence from AWS managed common controls or from specific data sources to help show you are meeting internal audit and compliance requirements.
AWS Audit Manager offers a library of common controls that helps you quickly navigate the replication of your own enterprise controls, without needing to map each enterprise control down to the AWS data source level. All the relevant AWS data sources for evidence (API calls, CloudTrail events, AWS Config rules, Security Hub checks) are mapped to these controls. These mappings are updated automatically. For example, if a new AWS Config rule is launched, that rule will be added to the relevant common controls. As a result, evidence mappings against a common control provides the latest set of automated evidence available in AWS, without requiring you to manage or update mappings manually.
Automated evidence collection
Multi-account evidence collection
Delegation workflow
Search evidence
Audit-ready reports
Third-party risk assessment
AWS Audit Manager provides features that help reduce the manual effort of third-party risk assessment. One example is the framework-sharing feature that allows you to share custom frameworks with your vendors in accordance with your organization's compliance requirements. Vendors can then gain access to these custom frameworks and use them to create assessments . In Audit Manager, an assessment is used to collect evidence for controls within the scope of your audit. Using the shared framework as a starting point, vendors can create an assessment that collects evidence for the controls in that framework.
Additionally, you can create vendor risk assessment questions and share them with your vendors and partners to collect audit evidence through text responses or documentation. These third parties can then package their responses, along with any uploaded files and automated evidence collected, into an assessment report and share them back with you.
Vendors can also export all of the automated evidence collected in their AWS accounts as a CSV file in evidence finder , making it simpler for them to share evidence with you in a widely supported format.
Did you find what you were looking for today?
Let us know so we can improve the quality of the content on our pages