Editing a custom control - AWS Audit Manager

Editing a custom control

You can edit a custom control in AWS Audit Manager by performing the following steps.

Step 1: Edit control details

Start by editing and reviewing the control details as needed.

To edit control details

  1. Open the AWS Audit Manager console at https://console.aws.amazon.com/auditmanager/home.

  2. In the navigation pane, choose Control library and then choose the Custom controls tab.

  3. Select the control that you want to edit and then choose Edit.

  4. Under Control details, edit the name and description for your control as needed.

  5. Under Testing information, edit the recommended testing information as needed.

  6. Choose Next.

Tip

To edit the tags for a control, open the control and choose the Tags tab, where you can view and edit the tags associated with the control.

Step 2: Edit data sources for this control

Edit the control data sources, add more data sources, or remove data sources.

To edit data sources for this control

  1. In the data source box under Select evidence collection method, review the current selection and modify it as needed.

    • Automated evidence – Select this option for system evidence that you want Audit Manager to automatically collect for you.

    • Manual evidence – Select this option for evidence that you will upload manually.

      For example, if the control is a procedural control that covers team organization, you can choose Manual evidence. When this control is active in an assessment, you can then manually upload a copy of your organization chart as evidence to support the control.

  2. (For automated evidence) Under Select an evidence type by mapping to a data source, review the currently selected data source and modify as needed. You can choose from the following data sources.

    • User activity logs from AWS CloudTrail

      Description: Tracks a particular user activity that is needed in your audit.

      Evidence collection frequency: Continuous

      To use this data source: Choose from the dropdown list of keywords to search for in CloudTrail logs.

      When this control is active in an assessment: Audit Manager assesses your CloudTrail logs and filters the relevant logs based on your keyword. The processed logs are converted into User activity evidence.

    • Compliance checks for security findings from AWS Security Hub

      Description: Captures a snapshot of your resource security posture by reporting the result of a compliance check from Security Hub.

      Evidence collection frequency: Based on the schedule of the Security Hub check

      To use this data source: Choose from the dropdown list of Security Hub checks supported by Audit Manager. Custom checks aren't currently supported.

      When this control is active in an assessment: Audit Manager assesses the Security Hub findings that are associated with this Security Hub check. The processed data is converted into Compliance check evidence.

    • Compliance checks for resource configurations from AWS Config

      Description: Captures a snapshot of your resource security posture by reporting the result of a compliance check from AWS Config.

      Evidence collection frequency: Based on the triggers defined in the AWS Config rule

      To use this data source: Choose from the dropdown list of AWS Config rules supported by Audit Manager. Custom rules aren't currently supported.

      When this control is active in an assessment: Audit Manager assesses the AWS Config findings that are associated with this AWS Config rule. The processed data is converted into Compliance check evidence.

    • Configuration snapshots from AWS API calls

      Description: Takes a snapshot of your resource configuration directly via an API call to the specified AWS service.

      Evidence collection frequency: Daily, weekly, or monthly

      To use this data source: Choose from the dropdown list of APIs supported by Audit Manager, and specify your preferred frequency.

      When this control is active in an assessment: Audit Manager makes the API call based on the frequency that you specify, and assesses the results from the API call. The results are converted into Configuration data evidence.

  3. (Optional) Under Troubleshooting description, make any necessary changes to the suggested actions.

  4. To add another data source to the control, choose Add data source at the bottom of the page.

  5. To remove an unwanted data source from the control, choose Remove at the top of the data source box.

  6. Choose Next.

Step 3: (Optional) Edit an action plan

Review and edit the optional action plan as needed.

To edit an action plan

  1. Under Title, edit the title as needed.

  2. Under Action plan instructions, edit the instructions as needed.

  3. Choose Next.

Step 4: Review and update the control

Review the information for your control. To change the information for a step, choose Edit.

When you are finished, choose Save changes.

Note

After you edit a control, the changes take effect as follows in all active assessments that include the control:

  • For controls with Configuration data from AWS API calls as the data source, changes take effect at 00:00 UTC the following day.

  • For all other controls, changes take effect immediately.
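
The console steps above can also be expressed as a request to the Audit Manager UpdateControl API. The following Python is an added example, not part of the original page: it builds the request and rejects data source combinations that Step 2 does not allow. The helper names, the control ID, and the keyword values in the usage are assumptions; `send_update` needs boto3 and AWS credentials.

```python
# Added example. Helper names are hypothetical; the enum strings are Audit Manager API values.
SOURCE_TYPES = {  # data source from Step 2 -> (sourceSetUpOption, sourceType)
    "cloudtrail": ("System_Controls_Mapping", "AWS_Cloudtrail"),
    "security_hub": ("System_Controls_Mapping", "AWS_Security_Hub"),
    "config": ("System_Controls_Mapping", "AWS_Config"),
    "api_call": ("System_Controls_Mapping", "AWS_API_Call"),
    "manual": ("Procedural_Controls_Mapping", "MANUAL"),
}
FREQUENCIES = {"DAILY", "WEEKLY", "MONTHLY"}
DETAIL_FIELDS = {"description", "testingInformation",
                 "actionPlanTitle", "actionPlanInstructions"}


def mapping_source(kind, name, keyword=None, frequency=None, troubleshooting=None):
    """Return one controlMappingSources entry, enforcing the rules in Step 2."""
    if kind not in SOURCE_TYPES:
        raise ValueError(f"unknown data source: {kind}")
    setup, source_type = SOURCE_TYPES[kind]
    source = {"sourceName": name, "sourceSetUpOption": setup, "sourceType": source_type}
    if kind == "manual":
        if keyword or frequency:
            raise ValueError("manual evidence takes no keyword or frequency")
    elif not keyword:
        raise ValueError(f"{kind} needs a keyword chosen from the supported list")
    else:
        source["sourceKeyword"] = {"keywordInputType": "SELECT_FROM_LIST",
                                   "keywordValue": keyword}
    if kind == "api_call":
        if frequency not in FREQUENCIES:
            raise ValueError("API call snapshots need DAILY, WEEKLY or MONTHLY")
        source["sourceFrequency"] = frequency
    elif frequency:
        raise ValueError("only API call snapshots take a frequency")
    if troubleshooting:  # Step 2, item 3: optional troubleshooting description
        source["troubleshootingText"] = troubleshooting
    return source


def update_control_request(control_id, name, sources, **details):
    """Assemble the keyword arguments for auditmanager.update_control()."""
    if not sources:
        raise ValueError("a control needs at least one data source")
    unknown = set(details) - DETAIL_FIELDS
    if unknown:
        raise ValueError(f"unsupported fields: {sorted(unknown)}")
    return {"controlId": control_id, "name": name,
            "controlMappingSources": list(sources), **details}


def send_update(request, region="us-east-1"):  # region is an assumption
    import boto3  # imported here so the builders above run offline
    return boto3.client("auditmanager", region_name=region).update_control(**request)
```

Building the request separately from sending it lets you review or log the exact data source changes before they reach active assessments.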