Editing an assessment - AWS Audit Manager

Editing an assessment

You can edit your active assessments in AWS Audit Manager to change information such as the description, scope, audit owners, and assessment report destination.

Step 1: Edit assessment details

Follow these steps to edit the details of your assessment.

To edit an assessment

  1. Open the AWS Audit Manager console at https://console.aws.amazon.com/auditmanager/home.

  2. In the navigation pane, choose Assessments to view your current list of assessments.

  3. Select an assessment, and choose Edit.

    • Alternatively, you can open the assessment and then choose Edit in the top right of the page.

  4. Under Edit assessment details, edit your assessment name, description, and assessment report destination.

  5. Choose Next.

Tip

To edit the tags for an assessment, open the assessment and choose the Tags tab. There you can view and edit the tags associated with the assessment.

Step 2: Edit AWS accounts in scope

In this step, you can change the list of accounts to include in the scope of your assessment.

You can specify multiple AWS accounts to be in the scope of an assessment. AWS Audit Manager supports multiple accounts through integration with AWS Organizations. This means that Audit Manager assessments can be run over multiple accounts, with the collected evidence consolidated into a delegated administrator account. To add or change the delegated administrator for Audit Manager, see AWS Audit Manager settings, Delegated administrator.

To edit AWS accounts in scope

  1. Under Edit AWS accounts in scope, select additional AWS accounts. You can also remove accounts by clearing them from the list.

  2. Choose Next.

Step 3: Edit AWS services in scope

This step specifies which AWS services Audit Manager monitors and collects evidence for. If a listed AWS service isn't selected, or it's selected but you haven't subscribed to it in your environment, then Audit Manager won't collect evidence from resources related to that service.

You can review and edit the AWS services in scope as follows.

If you created the assessment from a standard framework, you can review the list of AWS services in scope but you can’t edit this list. This is because Audit Manager automatically maps and selects the data sources and services for you, according to the design of the standard framework. If you created the assessment using a framework that contains manual controls only, no AWS services are in scope for your assessment, and you can't add any services.

To proceed, review the list and choose Next.

If you created the assessment from a custom framework, you can edit the AWS services that are in scope for your assessment. You can select zero or more services to be in the scope of your assessment.

To edit AWS services in scope (for assessments created from custom frameworks only)

  1. Under Edit AWS services in scope, select additional AWS services as necessary. You can also remove services by clearing them from the list.

  2. Choose Next.

Step 4: Edit audit owners

You can also change the audit owners for your assessment. Audit owners are the individuals in your workplace—usually from GRC, SecOps, or DevOps teams—who are responsible for managing the Audit Manager assessment. Their duties include delegating control sets for review and generating assessment reports. We recommend that you use the AWSAuditManagerAdministratorAccess policy.

To edit audit owners

  1. Select new audit owners to add to the assessment. To remove audit owners, clear them from the list.

  2. Choose Next.

Step 5: Review and save

Review the information for your assessment. To change the information for a step, choose Edit. When you're finished, choose Save changes to confirm your edits.

Note

After you complete your edits, the changes to the assessment take effect at 00:00 UTC the following day.