Using the Audit Manager dashboard - AWS Audit Manager

Using the Audit Manager dashboard

With the Audit Manager dashboard, you can visualize non-compliant evidence in your active assessments. It's a convenient and fast way to monitor your assessments, stay informed, and remediate issues proactively. By default, the dashboard provides a top-down, aggregated view of all your active assessments. Using this view, you can visually identify issues in your assessments without first needing to sift through vast amounts of individual evidence.

The dashboard is the first screen that you see when you sign in to the Audit Manager console. It contains two widgets that show the data and key performance indicators (KPIs) that are most relevant to you. Using an assessment filter, you can refine this data to focus on the KPIs for a specific assessment. From there, you can review control domain groupings to identify which controls have the most non-compliant evidence. Then, you can explore the underlying controls to examine and remediate issues.

Note

If you’re a first-time Audit Manager user or you don’t have any active assessments, no data is displayed in the dashboard. To get started, create an assessment. This starts the ongoing collection of evidence. After a 24-hour period, aggregated evidence data will start to appear in the dashboard. You can read the following sections to learn how to understand and interpret this data.

This page covers the following topics:

Dashboard concepts and terminology

This section covers important things to know about the Audit Manager dashboard before you get started using it.

Permissions and visibility

Both audit owners and delegates have access to the dashboard. This means that both of these personas can see the metrics and aggregates for all active assessments in your AWS account. Having access to the same information enables all of your team to focus on the same KPIs and goals.

Filters

Audit Manager provides a page-level Assessment filter that you can apply to all of the widgets on your dashboard.

Non-compliant evidence

The dashboard highlights the controls in your assessments that have compliance check evidence with a non-compliant conclusion. Compliance check evidence relates to controls that use AWS Config or AWS Security Hub as a data source. For this evidence type, Audit Manager reports the result of a compliance check directly from those services. If Security Hub reports a Fail result, or if AWS Config reports a Non-compliant result, Audit Manager classes the evidence as non-compliant.

Inconclusive evidence

Evidence is inconclusive if a compliance check isn’t available or applicable. As a result, no compliance evaluation can be made. This is the case if a control uses AWS Config or AWS Security Hub as a data source but you didn’t enable those services. This is also the case if the control uses a data source that doesn't support compliance checks, such as manual evidence, API calls, or AWS CloudTrail.

If evidence has a compliance check status of not applicable in the console, it's classified as inconclusive in the dashboard.

Compliant evidence

Evidence is compliant if a compliance check reported no issues. This is the case if Security Hub reports a Pass result, or AWS Config reports a Compliant result.

Control domains

The dashboard introduces the concept of a control domain. You can think of a control domain as a general category of controls that isn’t specific to any one framework. Control domain groupings are one of the most powerful features of the dashboard. Audit Manager highlights the controls in your assessments that have non-compliant evidence, and groups them by control domain. Using this feature, you can focus your remediation efforts on specific subject domains as you prepare for an audit.

Note

A control domain is different to a control set. A control set is a framework-specific grouping of controls that’s typically defined by a regulatory body. For example, the PCI DSS framework has a control set named Requirement 8: Identify and authenticate access to system components. This control set falls under the control domain of Identity and access management.

Audit Manager categorizes controls under the following control domains.

Control domain name Description of what these controls govern

Business continuity and contingency planning

How you establish processes that protect critical business operations from the effects of major system and network disruptions.

Change management

How you test, approve, implement, and document changes to your cloud infrastructure.

Data security and privacy

How you secure the privacy, availability, and integrity of your data.

Development and configuration management

How you maintain your cloud infrastructure in a desired and consistent state.

Governance and oversight

How you align your use of cloud computing with your legal, regulatory, and ethical obligations.

Identity and access management

How you ensure that the right users have the appropriate access to your technology resources.

Incident management

How you establish responsibilities and procedures that ensure a quick and effective response to security incidents.

Logging and monitoring

How you review user activity for indications that unauthorized activity was attempted or performed.

Network management How you administer and operate your data network using a network management system.

Personnel management

How you assess and manage personnel security risks at an organizational level.

Physical security

How you detect and prevent physical security issues in your facilities.

Risk management

How you evaluate potential risks and losses, and how you reduce or eliminate such threats.

Supply chain management

How you identify, assess, and mitigate the risks that are associated with IT products, vendors, and supply chains.

User device management

How you reduce the risk that your employees' IT hardware is lost, damaged, or compromised.

Vulnerability management

How you define, assess, and remediate all known vulnerabilities for assets within your cloud infrastructure.

Eventual consistency of data

The dashboard data is eventually consistent. This means that, when you read data from the dashboard, it might not instantly reflect the results of a recently completed write or update operation. If you check again within a few hours, the dashboard should reflect the latest data.

Data from deleted and inactive assessments

The dashboard displays data from active assessments. If you delete an assessment or change its status to inactive on the same day that you view the dashboard, data is included for that assessment as follows.

  • Inactive assessments – If Audit Manager collected evidence for your assessment before you changed it to inactive, that evidence data is included in the dashboard counts for that day.

  • Deleted assessments – If Audit Manager collected evidence for your assessment before you deleted it, that evidence data isn’t included in the dashboard counts for that day.

Dashboard elements

The following sections cover the different components of the dashboard.

Assessment filter

You can use the assessment filter to focus on a specific active assessment.

By default, the dashboard displays aggregated data for all your active assessments. If you want to view data for a specific assessment, you apply an assessment filter. This is a page-level filter that applies to all widgets on the dashboard.


     Screenshot of the assessment filter dropdown on the Audit Manager dashboard.

To apply the assessment filter, select an assessment from the drop-down list at the top of the dashboard. This list shows up to 10 of your active assessments. The most recently created assessments appear first. If you have many active assessments, you can start typing the name of an assessment to quickly find it. After you select an assessment, the dashboard displays data for that assessment only.

Daily snapshot

This widget shows a snapshot of the current compliance status of your active assessments.

The daily snapshot reflects the latest data that was collected on the date at the top of the dashboard. It’s important to understand that these numbers are daily counts based on this timestamp. They aren't a total sum to date.

By default, the daily snapshot shows the following data for all your active assessments:

  1. Controls with non-compliant evidence - The total number of controls that are associated with non-compliant evidence.

  2. Non-compliant evidence - The total amount of compliance check evidence with a non-compliant conclusion.

  3. Active assessments - The total number of your active assessments. Choose this number to see links to these assessments.


     Screenshot of the daily snapshot widget on the Audit Manager dashboard.

The daily snapshot data changes based on the Assessment filter that you apply. When you specify an assessment, the data reflects the daily counts for that assessment only. In this case, the daily snapshot shows the name of the assessment that you specified. You can choose the name of the assessment to open it.


     Screenshot of the daily snapshot widget when an assessment filter is applied.

Controls with non-compliant evidence grouped by control domain

You can use this widget to identify which controls have the most non-compliant evidence.

By default, the widget shows the following data for all your active assessments:

  1. Control domain – A list of the control domains that are associated with your active assessments.

  2. Evidence breakdown – A bar chart that shows a breakdown of the evidence compliance status.


     Screenshot of the dashboard widget that shows controls with non-compliant evidence
      grouped by domain.

To expand a control domain, choose the arrow next to its name. When expanded, the console shows up to 10 controls for each domain. These controls are ranked according to the highest total count of non-compliant evidence.

The data in this widget changes based on the Assessment filter that you apply. When you specify an assessment, you see data for that assessment only. In addition, you can also download a .csv file for each available control domain in the assessment.


     Screenshot that shows the .csv download option for a control domain.

The .csv file includes the full list of controls in the domain that are associated with non-compliant evidence. The following example shows the .csv data columns with fictionalized values.


     Screenshot of a sample .csv file that shows a list of controls that have non-compliant
      evidence.

Lastly, when you apply an assessment filter, the control names under each domain are hyperlinked. Choose any control to open the control details page in the specified assessment.


     Screenshot that shows controls with non-compliant evidence
       grouped by control domain when an assessment filter is applied.
Tip

Using the control details page as your starting point, you can move from one level of detail to the next.

  1. Control details page - On this page, the evidence folders tab lists daily folders of evidence that Audit Manager collected for that control. For more detail, choose a folder.

  2. Evidence folder - Next, you can review a folder summary and a list of the evidence in that folder. For more detail, choose an individual evidence item.

  3. Individual evidence - Lastly, you can explore individual evidence details. This includes any applicable attributes and resource data for the evidence. This is the most granular level of evidence data.

What do I do next?

Here are some next steps that you can take after reviewing the dashboard.

Troubleshooting

Use the information here to troubleshoot and fix issues that you might encounter when using the dashboard.

There isn't any data on my dashboard

If the numbers in the daily snapshot widget display a hyphen (-), this indicates that no data is available. You must have at least one active assessment to see data in the dashboard. To get started, create an assessment. After a 24-hour period, your assessment data will start to appear in the dashboard.

Note

If the numbers in the daily snapshot widget display a zero (0), this indicates that your active assessments (or your selected assessment) have no non-compliant evidence.

The .csv download option isn't available

This option is available for individual assessments only. Make sure that you applied an Assessment filter to the dashboard, then try again. Keep in mind that you can only download one .csv file at a time.

I don't see the downloaded file when trying to download a .csv file

If a control domain contains a large number of controls, there might be a short delay while Audit Manager generates the .csv file. After the file is generated, it downloads automatically.

If you still don’t see the downloaded file, make sure that your internet connection is working normally and you're using the most current version of your web browser. In addition, check your recent downloads folder. Files download into the default location that's determined by your browser. If this doesn't resolve your issue, try downloading the file using a different browser.

A specific control or control domain is missing from the dashboard

This likely means that your active assessments (or specified assessment) don't have any relevant data for that control or control domain.

A control domain is displayed on the dashboard only if both of the following two criteria are met:

  • Your active assessments (or specified assessment) contain at least one control that's related to that domain

  • At least one control within that domain collected evidence on the date at the top of the dashboard

A control is displayed within a domain only if it collected evidence on the date at the top of the dashboard.

The daily snapshot shows varying amounts of evidence each day. Is this normal?

Not all evidence is collected on a daily basis. The controls in Audit Manager assessments map to different data sources, and each one can have a different evidence collection schedule. As a result, it's expected that the daily snapshot displays a varying amount of evidence each day. For more information, see How AWS Audit Manager collects evidence.