Creating a new custom framework from scratch - AWS Audit Manager

Creating a new custom framework from scratch

You can use custom frameworks in AWS Audit Manager to organize controls into control sets in a way that meets your specific requirements. You can create a new custom framework from scratch in the framework library by following these steps.

Step 1: Specify framework details

Start by specifying the controls that you want to include in your custom framework.

To specify framework details

  1. Open the AWS Audit Manager console at https://console.aws.amazon.com/auditmanager/home.

  2. In the left navigation pane, choose Framework library, and choose Create custom framework.

  3. Under Framework detail, enter a name, a compliance standard or regulation (optional), and a description for your framework (also optional). The compliance standard or regulation that you enter should be a keyword such as PCI_DSS or GDPR. You can use this keyword to search for your framework.

  4. Under Tags, choose Add new tag to associate a tag with your framework. You can specify a key and a value for each tag. The tag key is mandatory and can be used as a search criteria for when you search for this framework in the Framework library. For more information about tags in AWS Audit Manager, see Tagging AWS Audit Manager resources.

  5. Choose Next.

Step 2: Specify the controls in the control sets

Next, you specify which controls you want add to your framework and how you want to organize them. Start by adding control sets to the framework, and then add controls to the control set.

Note

When you use the AWS Audit Manager console to create a custom framework, you can add up to 10 control sets for each framework.

When you use the Audit Manager API to create a custom framework, you can create more than 10 control sets. If you need to add more control sets than the console currently allows, we recommend that you use the CreateAssessmentFramework API that's provided by AWS Audit Manager.

To specify the controls in the control sets

  1. Under Control set name, enter a name for your control set.

  2. Under Add a new control to the control set, Select control type, use the dropdown list to select one of the two control types: Standard controls or Custom controls. Standard controls are provided by AWS Audit Manager, and custom controls are those that you created.

  3. Depending on the option that you selected in the previous step, a list of either the available standard controls or custom controls is displayed. You can browse controls from this list, or search by control name, compliance, or tag. Select one or more controls and choose Add to control set to add them to the control set.

  4. In the pop-up window that appears, choose Add to control set to confirm your addition.

  5. Under Review the selected controls in the control set, review the controls that appear in the Selected controls list. To add more controls to a control set, repeat steps 2–4. You can remove unwanted controls from the control set by selecting one or more controls and choosing Remove control.

  6. To add a new control set to the framework, choose Add control set at the bottom of the page. You can remove unwanted control sets by choosing Remove control set.

  7. After you finish adding control sets and controls, choose Next.

Step 3: Review and create the framework

Review the information for your framework. To change the information for a step, choose Edit.

When you're finished, choose Create custom framework.

What can I do next?

After you create your new custom framework, you can create an assessment from your framework. For more information, see Creating an assessment.

You can also create a custom framework using an existing framework. For more information, see Customizing an existing framework.

For instructions on how to edit your custom framework, see Editing a custom framework.