Reviewing the delegated control set and its related evidence - AWS Audit Manager

Reviewing the delegated control set and its related evidence

You can assist audit owners by reviewing the control sets that they have delegated to you. You can examine these controls and their related evidence to determine if any additional action is needed. Such additional action could include manually uploading additional evidence to demonstrate compliance, or leaving a comment that details the remediation steps that you followed.

To review a control set

  1. Open the AWS Audit Manager console at https://console.aws.amazon.com/auditmanager/home.

  2. In the navigation pane, choose Notifications. Or, in the blue flash bar, choose View notification to open the notifications page.

  3. On the Notifications page, a list of control sets that were delegated to you is displayed. Identify which control set you want to review, and choose the name of the related assessment to open the assessment detail page.

  4. Under the Controls tab of the assessment detail page, scroll down to the Control sets table.

  5. Under the Controls grouped by control set column, expand the name of a control set to show its controls, and choose the name of a control to open the control detail page.

  6. (Optional) Choose Update control status to change the status of the control. While your review is in progress, you can mark the status as Under Review.

  7. Review information about the control in the Evidence folders, Data sources, Comments, and Changelog tabs. For information about each of these tabs and how to interpret this information, see Reviewing the controls in an assessment.

To review the evidence for a control

  1. From the control detail page, choose the Evidence folders tab.

  2. Navigate to the Evidence folders table, a list of folders that contain evidence for that control are displayed. These folders are organized and named based on the date when the evidence was collected.

  3. Choose the name of an evidence folder to open it. Then, review a summary of all evidence gathered on that date. This summary includes the total number of compliance check issues that were reported directly from AWS Security Hub, AWS Config, or both. For instructions on how to interpret the data on this page, see Reviewing evidence folders.

  4. From the evidence folder summary page, navigate to the Evidence table. Under the Time column, choose a line item to open. Then, review the details about the piece of evidence that was collected at that time. For instructions on how to interpret the data on an evidence detail page, see Reviewing individual evidence.

Tip

Although AWS Audit Manager automatically collects evidence for many controls, in some cases you might need to provide additional evidence to demonstrate compliance. In these cases, you can manually upload evidence. For instructions, see Uploading manual evidence.