Customizing an existing framework
With custom frameworks in AWS Audit Manager, you can organize controls into control sets in a way that meets your specific requirements. Instead of creating a custom framework from scratch, you can use an existing framework as a starting point and customize it. When you do this, the existing framework remains in the framework library, and a new custom framework is created with your customized settings.
You can select any existing framework to customize. It can be either a standard framework or a custom framework.
In the framework library, from the Create custom framework dropdown list, choose Customize existing framework. Use the following steps to customize the framework.
Topics
Step 1: Specify framework details
All framework details, except tags, are carried over from the original framework. Review and modify these details as needed.
To specify framework details
Open the AWS Audit Manager console at https://console.aws.amazon.com/auditmanager/home
. -
In the left navigation pane, choose Framework library.
-
Choose the framework you want to customize, and from the Create custom framework dropdown list, choose Customize existing framework.
-
In the pop-up window that appears, enter a name for the new custom framework and choose Customize.
-
Under Framework detail, review the name, compliance type, and description for your framework, and modify them as needed. The compliance type should indicate the compliance standard or the regulation that's associated with your framework. You can use this keyword to search for your framework.
-
Under Tags, choose Add new tag to associate a tag with your framework. You can specify a key and a value for each tag. The tag key is mandatory and can be used as a search criteria when you search for this framework in the Framework library. For more information about tags in AWS Audit Manager, see Tagging AWS Audit Manager resources.
-
Choose Next.
Step 2: Specify controls to add to control sets
The control sets are carried over from the original framework. Customize the current configuration by adding more controls or removing existing controls as needed.
Note
When you use the AWS Audit Manager console to customize a framework, you can add up to 10 control sets for each framework.
When you use the Audit Manager API to create a custom framework, you can add more than 10 control sets. To add more control sets than the console currently allows, use the CreateAssessmentFramework API that Audit Manager provides.
To specify controls in the control set
-
Under Control set name, customize the name of the control set as needed.
-
Under Add a new control to the control set, add a new control by using the dropdown list to select one of the two control types: Standard controls or Custom controls.
-
Based on the option that you selected in the previous step, a list of standard controls or custom controls is displayed. You can browse this list, or search by entering the control name, compliance, or tags to locate the controls that you want to add. Select one or more controls and choose Add to control set to add to this control set.
-
In the pop-up window that appears, choose Add to control set to confirm your addition.
-
Under Review the selected controls in the control set, review the controls that appear in the Selected controls list. To add more controls to a control set, repeat steps 2–4. You can remove unwanted controls from the control set by selecting one or more controls and choosing Remove control.
-
To add a new control set to the framework, choose Add control set at the bottom of the page. You can remove unwanted control sets by choosing Remove control set.
-
After you finish adding control sets and controls, choose Next.
Step 3: Review and create the framework
Review the information for your framework. To change the information for a step, choose Edit.
When you're finished, choose Create custom framework.
What can I do next?
After you create your new custom framework, you can create an assessment from your framework. For more information, see Creating an assessment.
For instructions on how to edit your custom framework, see Editing a custom framework.