Framework library - AWS Audit Manager

Framework library

You can access and manage frameworks from the framework library in AWS Audit Manager.

A framework determines which controls are tested in an environment over a period of time. It defines the controls and their data source mappings for a given compliance standard or regulation. It's also used to structure and automate AWS Audit Manager assessments. You can use frameworks as a starting point to audit your AWS service usage and start automating evidence collection.

The framework library contains a catalog of both standard and custom frameworks.

  • Standard frameworks are prebuilt frameworks provided by AWS. These frameworks are based on AWS best practices for different compliance standards and regulations. These include GDPR and HIPAA. Standard frameworks include controls that are organized into control sets that are based on the compliance standard or regulation that the framework supports.

    You can view the contents of standard frameworks, but you can't edit or delete them. However, you can customize any standard framework to create a new one to meet your specific requirements.

  • Custom frameworks are customized frameworks that you own. You can create a custom framework from scratch, or by customizing an existing framework. You can use custom frameworks to organize controls into control sets in a way that meets your specific requirements. To learn more about how to manage controls, see Control library.

You can create an assessment from any standard or custom framework. For instructions on how to create and manage assessments, see Assessments in AWS Audit Manager.

Note

AWS Audit Manager assists in collecting evidence that's relevant for verifying compliance with specific compliance standards and regulations. However, it doesn't assess your compliance itself. The evidence that's collected through AWS Audit Manager therefore might not include all the information about your AWS usage that's needed for audits. AWS Audit Manager isn't a substitute for legal counsel or compliance experts.

This section describes how you can create and manage custom frameworks in AWS Audit Manager.