Customizing an existing control - AWS Audit Manager

Customizing an existing control

The control library in AWS Audit Manager contains a catalog of standard controls and also custom controls that you have created. Instead of creating a custom control from scratch, you can customize an existing control and modify it as needed to suit your specific audit requirements.

Important

We strongly recommend that you never put sensitive identifying information into free-form fields such as Control details, Testing information, or Action plan. If you create custom controls that contain sensitive information, you can’t share any of your custom frameworks that contain these controls.

Step 1: Specify control details

The control details are carried over from the original control. Review and modify these details as needed.

To specify control details

  1. Open the AWS Audit Manager console at https://console.aws.amazon.com/auditmanager/home.

  2. In the navigation pane, choose Control library.

  3. Select the control that you want to customize and then choose Customize existing control.

  4. Specify the new name of the control, and choose Customize.

  5. Under Control details, review the name and description for your control, and modify them as needed.

  6. Under Testing information, review the recommended testing information, and modify it as needed.

  7. Under Tags, review and modify the tags as needed.

  8. Choose Next.

Step 2: Configure data sources for this control

Data sources are carried over from the original control. You can modify the existing data sources, add more data sources, or remove existing data sources as needed.

To configure data sources for this control

  1. In the data source box under Select evidence collection method, review the current selection and modify it if needed.

    • Automated evidence – Select this option for system evidence that you want Audit Manager to automatically collect for you.

    • Manual evidence – Select this option for evidence that Audit Manager can't collect automatically.

      For example: if the control is a procedural control that covers team organization, you can choose Manual evidence. When this control is active in an assessment, you can then upload a copy of your organization chart manually as evidence to support the control.

  2. (For automated evidence) Under Select an evidence type by mapping to a data source, review the currently selected data source and modify as needed. You can choose from the following data sources.

    Data source – User activity logs from AWS CloudTrail

      • Description – Tracks a particular user activity that is needed in your audit.
      • Evidence collection frequency – Continuous
      • To use this data source – Choose from the dropdown list of keywords to search for in CloudTrail logs.
      • When this control is active in an assessment – Audit Manager assesses your CloudTrail logs and filters the relevant logs based on your keyword. The processed logs are converted into User activity evidence.

    Data source – Compliance checks for security findings from AWS Security Hub

      • Description – Captures a snapshot of your resource security posture by reporting the result of a compliance check from Security Hub.
      • Evidence collection frequency – Based on the schedule of the Security Hub check
      • To use this data source – Choose from the dropdown list of Security Hub checks supported by Audit Manager. Custom checks aren't currently supported.
      • When this control is active in an assessment – Audit Manager assesses the Security Hub findings that are associated with this Security Hub check. The processed data is converted into Compliance check evidence.

    Data source – Compliance checks for resource configurations from AWS Config

      • Description – Captures a snapshot of your resource security posture by reporting the result of a compliance check from AWS Config.
      • Evidence collection frequency – Based on the triggers defined in the AWS Config rule
      • To use this data source – Choose from the dropdown list of AWS Config rules supported by Audit Manager. Custom rules aren't currently supported.
      • When this control is active in an assessment – Audit Manager assesses the AWS Config findings that are associated with this AWS Config rule. The processed data is converted into Compliance check evidence.

    Data source – Configuration snapshots from AWS API calls

      • Description – Takes a snapshot of your resource configuration directly via an API call to the specified AWS service.
      • Evidence collection frequency – Daily, weekly, or monthly
      • To use this data source – Choose from the dropdown list of APIs supported by Audit Manager, and specify your preferred frequency.
      • When this control is active in an assessment – Audit Manager makes the API call based on the frequency that you specify, and assesses the results from the API call. The results are converted into Configuration data evidence.

  3. (Optional) Under Troubleshooting description, make any necessary changes to the suggested actions to take if no evidence is collected from the control data source.

  4. To add another data source to the control, choose Add data source at the bottom of the page.

  5. To remove an unwanted data source from the control, choose Remove at the top of the data source box.

  6. Choose Next.

Tip

If you aren't sure how to configure the control and you want to ask a subject matter expert for help, we suggest that you choose Manual evidence for now. You can save the control and add it to a framework at this time, and then edit the control at a later date. To learn more about how to edit a control, see Editing a custom control.

Step 3 (Optional): Define an action plan

The action plan is carried over from the original control. Review and customize the actions to take if this control is not fulfilled.

To define an action plan

  1. Under Title, review the title for the action plan, and customize it as needed.

  2. Under Action plan instructions, review and customize the instructions as needed.

  3. Choose Next.

Step 4: Review and create the control

Review the information for your control. To change the information for a step, choose Edit. When you are finished, choose Create custom control.
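
The four steps above, expressed against the Audit Manager API rather than the console. This is an added example, not code from the original page: it builds the arguments for a CreateControl call from a control shaped like a GetControl response, carrying details over and enforcing the data source rules from Step 2. The function names are hypothetical, and the sample control, its IDs and its keyword values are constructed placeholders.

```python
import copy

# Writable fields of a control mapping source (Audit Manager CreateControl API).
SOURCE_FIELDS = {"sourceName", "sourceDescription", "sourceSetUpOption", "sourceType",
                 "sourceKeyword", "sourceFrequency", "troubleshootingText"}
AUTOMATED = {"AWS_Cloudtrail", "AWS_Security_Hub", "AWS_Config", "AWS_API_Call"}
CARRIED = ("description", "testingInformation", "actionPlanTitle",
           "actionPlanInstructions", "tags")

def check_source(src):
    """Validate one data source against the rules described in Step 2."""
    kind, name = src.get("sourceType"), src.get("sourceName", "?")
    if kind not in AUTOMATED | {"MANUAL"}:
        raise ValueError(f"{name}: unsupported sourceType {kind!r}")
    if kind in AUTOMATED and not src.get("sourceKeyword", {}).get("keywordValue"):
        raise ValueError(f"{name}: automated evidence needs a keyword from the list")
    if kind == "AWS_API_Call" and src.get("sourceFrequency") not in {"DAILY", "WEEKLY", "MONTHLY"}:
        raise ValueError(f"{name}: API call needs DAILY, WEEKLY or MONTHLY")
    if kind != "AWS_API_Call" and "sourceFrequency" in src:
        raise ValueError(f"{name}: frequency is only configurable for API calls")

def customize_control(original, new_name, remove=(), add=(), **changes):
    """Return create_control kwargs: carry over the original, then apply edits."""
    req = {k: copy.deepcopy(original[k]) for k in CARRIED if original.get(k)}
    req.update(changes, name=new_name)
    # Keep only writable fields; this drops the read-only sourceId.
    sources = [{k: copy.deepcopy(v) for k, v in s.items() if k in SOURCE_FIELDS}
               for s in original.get("controlMappingSources", [])
               if s.get("sourceName") not in remove]
    sources += [dict(s) for s in add]
    if not sources:
        raise ValueError("the control needs at least one data source")
    for s in sources:
        check_source(s)
    req["controlMappingSources"] = sources
    return req

# Constructed sample, shaped like get_control()["control"]; keywords are placeholders.
SAMPLE = {
    "id": "00000000-0000-0000-0000-000000000000", "name": "Example standard control",
    "description": "Example description",
    "testingInformation": "Example testing information",
    "actionPlanTitle": "Example title", "actionPlanInstructions": "Example steps",
    "controlMappingSources": [{
        "sourceId": "constructed-source-id", "sourceName": "Activity log source",
        "sourceSetUpOption": "System_Controls_Mapping", "sourceType": "AWS_Cloudtrail",
        "sourceKeyword": {"keywordInputType": "SELECT_FROM_LIST",
                          "keywordValue": "EXAMPLE_KEYWORD"}}],
}
```

With boto3, `original` would come from `get_control(controlId=...)["control"]` and the returned dictionary would be passed as `create_control(**request)` on the `auditmanager` client.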

What can I do next?

After you create your new custom control, you can add it to a custom framework. To learn more, see Creating a custom framework or Editing a custom framework.

After you add your custom control to a custom framework, you can create an assessment from that custom framework and begin collecting evidence. To learn more, see Creating an assessment.

If you need to edit your custom control, see Editing a custom control.