Customizing an existing framework - AWS Audit Manager

Customizing an existing framework

With custom frameworks in AWS Audit Manager, you can organize controls into control sets in a way that meets your specific requirements. Instead of creating a custom framework from scratch, you can use an existing framework as a starting point and customize it according to your needs. When you do this, the existing framework remains in the framework library, and a new custom framework is created with your customized settings.

You can select any existing framework to customize. It can be either a standard framework or a custom framework.

In the framework library, from the Create custom framework dropdown list, choose Customize existing framework. Use the following steps to customize the framework.

Step 1: Specify framework details

All framework details, except tags, are carried over from the original framework. Review and modify these details as needed.

To specify framework details

  1. Open the AWS Audit Manager console at https://console.aws.amazon.com/auditmanager/home.

  2. In the left navigation pane, choose Framework library.

  3. Choose the framework you want to customize, and from the Create custom framework dropdown list, choose Customize existing framework.

  4. Under Framework detail, review the name, compliance type, and description for your framework, and modify them as needed. The compliance type should indicate the compliance standard or regulation that's associated with your framework. For example, it might be PCI_DSS, HITRUST, or GDPR. You can use this keyword to search for your framework.

  5. Under Tags, choose Add new tag to associate a tag with your framework. You can specify a key and a value for each tag. The tag key is mandatory and can be used as a search criterion when you search for this framework in the Framework library. For more information about tags in AWS Audit Manager, see Tagging AWS Audit Manager resources.

  6. Choose Next.

Step 2: Specify controls to add to control sets

The control sets are carried over from the original framework. Customize the current configuration by adding more controls or removing existing controls as needed.

Note

When you use the AWS Audit Manager console to customize a framework, you can add up to 10 control sets for each framework.

When you use the Audit Manager API to create a custom framework, you can add more than 10 control sets. If you need to add more control sets than the console currently allows, we recommend that you use the CreateAssessmentFramework API that's provided by AWS Audit Manager.

To specify controls in the control set

  1. Under Control set name, customize the name of the control set as needed.

  2. Under Add a new control to the control set, add a new control by using the dropdown list to select one of the two control types: Standard controls or Custom controls.

  3. Depending on the option that you selected in the previous step, a table that lists either standard controls or custom controls is displayed. You can browse control sets from this list, or search by control name, compliance, or tags to locate the controls that you want to add. Select one or more controls and choose Add to control set to add them to this control set.

  4. In the pop-up window that appears, choose Add to control set to confirm your addition.

  5. Under Review the selected controls in the control set, review the controls that appear in the Selected controls list. To add more controls to a control set, repeat steps 2–4. You can remove unwanted controls from the control set by selecting one or more controls and choosing Remove control.

  6. To add a new control set to the framework, choose Add control set at the bottom of the page. You can remove unwanted control sets by choosing Remove control set.

  7. After you finish adding control sets and controls, choose Next.

Step 3: Review and create the framework

Review the information for your framework. To change the information for a step, choose Edit.

When you're finished, choose Create custom framework.
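The note in Step 2 recommends the CreateAssessmentFramework API when you need more control sets than the console allows. The following is an added example, not code from the AWS documentation, that performs the same customization with the AWS SDK for Python (boto3): it carries over the framework details but not the tags, removes a control, and adds an eleventh control set. The function names and the sample data with its placeholder control IDs are constructed for illustration.

```python
def build_custom_framework_request(source, new_name, remove_control_ids=(),
                                   extra_control_sets=(), tags=None):
    """Turn a GetAssessmentFramework 'framework' dict into CreateAssessmentFramework kwargs."""
    removed = set(remove_control_ids)
    control_sets = []
    for cs in source.get("controlSets", []):
        kept = [{"id": c["id"]} for c in cs.get("controls", []) if c["id"] not in removed]
        if kept:  # a set left with no controls is dropped rather than sent empty
            control_sets.append({"name": cs["name"], "controls": kept})
    for name, control_ids in extra_control_sets:
        control_sets.append({"name": name, "controls": [{"id": i} for i in control_ids]})
    if not control_sets:
        raise ValueError("nothing to create: every control set was emptied")
    request = {"name": new_name, "controlSets": control_sets}
    # Details carry over from the original framework; tags do not (Step 1).
    for key in ("complianceType", "description"):
        if source.get(key):
            request[key] = source[key]
    if tags:
        request["tags"] = dict(tags)
    return request


def customize_framework(framework_id, new_name, **changes):
    """Live call; needs boto3, AWS credentials and Audit Manager permissions."""
    import boto3
    client = boto3.client("auditmanager")
    source = client.get_assessment_framework(frameworkId=framework_id)["framework"]
    request = build_custom_framework_request(source, new_name, **changes)
    return client.create_assessment_framework(**request)["framework"]["id"]


# Constructed sample shaped like a GetAssessmentFramework response (IDs are placeholders).
SAMPLE_FRAMEWORK = {
    "name": "Example standard framework", "complianceType": "PCI_DSS",
    "description": "Constructed sample", "tags": {"owner": "original-team"},
    "controlSets": [
        {"name": f"Control set {n}",
         "controls": [{"id": f"control-{n}-a"}, {"id": f"control-{n}-b"}]}
        for n in range(1, 11)
    ],
}

if __name__ == "__main__":
    req = build_custom_framework_request(
        SAMPLE_FRAMEWORK, "Example custom framework", remove_control_ids=["control-3-b"],
        extra_control_sets=[("Control set 11", ["custom-control-1"])], tags={"team": "audit"})
    print(len(req["controlSets"]), "control sets")
```

The original framework is only read, so it remains in the framework library unchanged, as in the console flow.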

What can I do next?

After you create your new custom framework, you can create an assessment from your framework. For more information, see Creating an assessment.

For instructions on how to edit your custom framework, see Editing a custom framework.