Editing an assessment
You can edit your active assessments in Audit Manager to change information such as the description, scope, audit owners, and assessment report destination.
Tasks
Step 1: Edit assessment details
Follow these steps to edit the details of your assessment.
To edit an assessment
Open the AWS Audit Manager console at https://console.aws.amazon.com/auditmanager/home
. -
In the navigation pane, choose Assessments to view your current list of assessments.
-
Select an assessment, and choose Edit.
-
Alternatively, you can open the assessment and then choose Edit in the top right of the page.
-
-
Under Edit assessment details, edit your assessment name, description, and assessment report destination.
-
Choose Next.
Tip
To edit the tags for an assessment, open the assessment and choose the Tags tab. There you can view and edit the tags associated with the assessment.
Step 2: Edit AWS accounts in scope
In this step, you can change the list of accounts that are included in the scope of your assessment.
Audit Manager supports multiple accounts through integration with AWS Organizations. This means that Audit Manager assessments can be run over multiple accounts, with the collected evidence consolidated into a delegated administrator account. To add or change the delegated administrator for Audit Manager, see AWS Audit Manager settings, Delegated administrator.
Note
Audit Manager can support up to approximately 150 accounts in the scope of an assessment. If you try to include over 150 accounts, the assessment creation might fail.
To edit AWS accounts in scope
-
Under Edit AWS accounts in scope, select additional AWS accounts. You can also remove accounts by clearing them from the list.
-
Choose Next.
Step 3: Edit AWS services in scope
This step specifies which AWS services Audit Manager monitors and collects evidence for. If a listed AWS service isn't selected, or it's selected but you didn't enable it in your environment, Audit Manager doesn't collect evidence from resources related to that service.
You can review and edit the AWS services in scope as follows.
When you use the Audit Manager console to edit an assessment that was created from a standard framework, you can review the list of AWS services in scope but you can’t edit this list. This is because Audit Manager automatically maps and selects the data sources and services for you, according to the design of the standard framework. If the assessment was created using a framework that contains manual controls only, no AWS services are in scope for your assessment, and you can't add any services.
To proceed, review the list and choose Next.
Tip
If you need to edit the list of services in scope for an existing assessment, you can do so by using the UpdateAssessment API that's provided by Audit Manager.
If you created the assessment from a custom framework, you can edit the AWS services that are in scope for your assessment. You can select zero or more services to be in the scope of your assessment.
To edit AWS services in scope (for assessments created from custom frameworks only)
-
Under Edit AWS services in scope, select additional AWS services as necessary. You can also remove services by clearing them from the list.
-
Choose Next.
Step 4: Edit audit owners
You can also change the audit owners for your assessment. Audit owners are the individuals in your workplace—usually from GRC, SecOps, or DevOps teams—who are responsible for managing the Audit Manager assessment. Their duties include delegating control sets for review and generating assessment reports. We recommend that you use the AWSAuditManagerAdministratorAccess policy.
To edit audit owners
-
Select new audit owners to add to the assessment. To remove audit owners, clear them from the list.
-
Choose Next.
Step 5: Review and save
Review the information for your assessment. To change the information for a step, choose Edit. When you're finished, choose Save changes to confirm your edits.
Note
After you complete your edits, the changes to the assessment take effect at 00:00 UTC the following day.