Reviewing the details of a control - AWS Audit Manager

Reviewing the details of a control

You can review the details of a control using the Audit Manager console, the Audit Manager API, or the AWS Command Line Interface (AWS CLI).

Audit Manager console
To view control details (console)
  1. Open the AWS Audit Manager console at https://console.aws.amazon.com/auditmanager/home.

  2. In the navigation pane, choose Control library to see a list of available controls.

  3. Choose the Standard controls tab or the Custom controls tab to browse the available controls.

  4. Choose any control name to view the details for that control.

When you open a control, you see a control details page. The sections of this page and their contents are described below.

Summary section

This section provides an overview of the control. It includes the following information:

  • Control name – The name of the control.

  • Control type – Specifies whether the control is a standard control or a custom control.

  • Tags – The number of tags that are associated with the control.

  • Data source types – The number of data source types that are used for this control.

  • Mappings – The number of mapping attributes that are used to retrieve data from a data source.

If you're viewing a custom control, the following details are also displayed:

  • Created by – The account that created the custom control.

  • Creation date – The date when the custom control was created.

  • Last updated – The date when the custom control was last edited.

Details tab

This tab provides a basic overview of the control. It includes the following information:

  • The Description section provides a description of the control.

  • The Testing information section provides a description of the recommended testing procedures for the control.

  • The Action plan section describes the recommended actions to carry out if the control needs to be remediated.

Data sources tab

This tab displays information about the data sources for the control. It includes the following information:

  • Data source name – This applies to custom controls only. It refers to the descriptive name that you gave each data source. You can use this name to distinguish between multiple data sources that fall under the same data source type.

  • Data source type – This specifies where the evidence data comes from.

    • If Audit Manager collects the evidence, the data source can be one of four types: AWS Security Hub, AWS Config, AWS CloudTrail, or AWS API calls.

    • If you upload your own evidence, the data source type is Manual. A description indicates if the required manual evidence is a File upload or a Text response.

  • Mapping – This is the mapping attribute that's used to identify and retrieve data from the data source.

    • If the data source type is AWS Config, the mapping is the name of a specific AWS Config rule (for example, EC2_INSTANCE_MANAGED_BY_SSM). Audit Manager uses this mapping to report the result of that rule check directly from AWS Config.

    • If the data source type is AWS Security Hub, the mapping is the name of a specific Security Hub control (for example, 1.1 – Avoid the use of the "root" account). Audit Manager uses this mapping to report the result of that security check directly from Security Hub.

    • If the data source type is AWS API calls, the mapping is the name of a specific API call (for example, ec2_DescribeSecurityGroups). Audit Manager uses this mapping to collect the API response.

    • If the data source is AWS CloudTrail, the mapping is the name of a specific CloudTrail event (for example, CreateAccessKey). Audit Manager uses this mapping to collect the related user activity from your CloudTrail logs.

  • Frequency – This specifies how often Audit Manager collects evidence from the data source. The frequency varies depending on the data source type. For more information, choose the value in the column or see Evidence collection frequency.

Tags tab

This tab lists the tags that are associated with the control. It includes the following information:

  • Key – The tag key (for example, a compliance standard, regulation, or category).

  • Value – The tag value.

AWS CLI
To view control details (AWS CLI)
  1. To identify the control that you want to review, run the list-controls command and specify a --control-type. You can retrieve either a list of standard controls or a list of custom controls.

    In the following example, replace the placeholder text with either Custom or Standard.

    aws auditmanager list-controls --control-type Custom/Standard

    The response returns a list of controls. Find the control that you want to review, and take note of the control ID and Amazon Resource Name (ARN).

  2. To get the control details, run the get-control command and specify the --control-id.

    In the following example, replace the placeholder text with your own information.

    aws auditmanager get-control --control-id a1b2c3d4-5678-90ab-cdef-EXAMPLE11111

    The control details are returned in JSON format. To understand this data, see get-control Output in the AWS CLI Command Reference.

  3. To see the tags for a control, use the list-tags-for-resource command and specify the --resource-arn for the control.

    In the following example, replace the placeholder text with your own information:

    aws auditmanager list-tags-for-resource --resource-arn arn:aws:auditmanager:us-east-1:111122223333:control/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111

    For more information about tags in Audit Manager, see Tagging AWS Audit Manager resources.
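The following added example (not part of the AWS documentation) reads the JSON that get-control returns and rebuilds the rows of the Data sources tab described above, then reports whether the control relies on manual evidence only. The sample response is constructed for illustration, and the function names are assumptions; the field names follow the GetControl response.

```python
import json

# Constructed sample shaped like `aws auditmanager get-control` output (not real data).
SAMPLE = json.loads("""
{"control": {
  "id": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
  "name": "Example custom control",
  "type": "Custom",
  "controlMappingSources": [
    {"sourceName": "SSM-managed instances", "sourceType": "AWS_Config",
     "sourceKeyword": {"keywordValue": "EC2_INSTANCE_MANAGED_BY_SSM"}},
    {"sourceName": "Access key creation", "sourceType": "AWS_Cloudtrail",
     "sourceKeyword": {"keywordValue": "CreateAccessKey"}},
    {"sourceName": "Security group snapshot", "sourceType": "AWS_API_Call",
     "sourceKeyword": {"keywordValue": "ec2_DescribeSecurityGroups"},
     "sourceFrequency": "DAILY"},
    {"sourceName": "Signed policy document", "sourceType": "MANUAL"}
  ]}}
""")

# API sourceType values, labelled the way the Data sources tab shows them.
SOURCE_LABELS = {
    "AWS_Config": "AWS Config",
    "AWS_Security_Hub": "AWS Security Hub",
    "AWS_API_Call": "AWS API calls",
    "AWS_Cloudtrail": "AWS CloudTrail",
    "MANUAL": "Manual",
}

def data_source_rows(response):
    """Return (name, type, mapping, frequency) tuples, one per data source."""
    rows = []
    for src in response["control"].get("controlMappingSources", []):
        stype = src.get("sourceType", "")
        mapping = (src.get("sourceKeyword") or {}).get("keywordValue")
        rows.append((src.get("sourceName", ""), SOURCE_LABELS.get(stype, stype),
                     mapping, src.get("sourceFrequency")))
    return rows

def manual_only(response):
    """True when every data source is Manual, so nothing is collected automatically."""
    rows = data_source_rows(response)
    return bool(rows) and all(row[1] == "Manual" for row in rows)

if __name__ == "__main__":
    for row in data_source_rows(SAMPLE):
        print(row)
    print("manual evidence only:", manual_only(SAMPLE))
```

To run it against a real control, save the get-control output to a file and pass the parsed JSON to data_source_rows in place of SAMPLE.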

Audit Manager API
To view control details (API)
  1. To identify the control that you want to review, use the ListControls operation and specify a controlType. You can return either a list of standard controls or a list of custom controls.

    From the response, find the control that you want to review, and take note of the control ID and its Amazon Resource Name (ARN).

  2. To get the control details, use the GetControl operation. In the request, specify the controlId that you got from step 1.

    The control details are returned in JSON format. To understand this data, see GetControl Response Elements in the AWS Audit Manager API Reference.

  3. To see tags for the control, use the ListTagsForResource operation. In the request, specify the control resourceArn that you got from step 1.

For more information about tags in Audit Manager, see Tagging AWS Audit Manager resources.

For more information about these API operations, choose any of the previous links to read more in the AWS Audit Manager API Reference. This includes information about how to use these operations and parameters in one of the language-specific AWS SDKs.