Assessments in AWS Audit Manager - AWS Audit Manager

Assessments in AWS Audit Manager

An Audit Manager assessment is based on a framework, which is a grouping of controls. Using the framework of your choice as a starting point, you can create an assessment that collects evidence for the controls in that framework. In your assessment, you can also define the scope of your audit. This includes specifying the AWS accounts and services that you want to collect evidence for.

You can create an assessment from any framework. Either you can use a standard framework that's provided by AWS Audit Manager. Or, you can create an assessment from a custom framework that you build yourself. Standard frameworks contain prebuilt control sets that support a specific compliance standard or regulation. In contrast, custom frameworks contain controls that you can customize and group according to your internal audit requirements. For more information about the differences between standard and custom frameworks, see AWS Audit Manager concepts and terminology.

When you create an assessment, this starts the ongoing collection of evidence. When it's time for an audit, you or a delegate can review this evidence and then add it to an assessment report.

Note

AWS Audit Manager assists in collecting evidence that's relevant for verifying compliance with specific compliance standards and regulations. However, it doesn't assess your compliance itself. The evidence that's collected through AWS Audit Manager therefore might not include all the information about your AWS usage that's needed for audits. AWS Audit Manager isn't a substitute for legal counsel or compliance experts.