Using the framework library to manage frameworks in AWS Audit Manager
You can find and manage frameworks in the framework library in AWS Audit Manager.
A framework determines which controls are tested in an environment over a period of time. It defines the controls and their data source mappings for a given compliance standard or regulation. It's also used to structure and automate Audit Manager assessments. You can use frameworks as a starting point to audit your AWS service usage and start automating evidence collection.
Key points
In the framework library, frameworks are organized into the following categories.
- Standard frameworks are prebuilt frameworks that AWS provides. These frameworks are based on AWS best practices for different compliance standards and regulations, such as GDPR and HIPAA. Standard frameworks include controls that are organized into control sets based on the compliance standard or regulation that the framework supports.
  You can view the contents of standard frameworks, but you can't edit or delete them. However, you can make an editable copy of any standard framework to create a new one to meet your specific requirements.
- Custom frameworks are frameworks that you create. You can create a custom framework from scratch, or by making an editable copy of an existing framework. You can use custom frameworks to organize controls into control sets in a way that meets your specific requirements.
You can create an assessment from a standard framework or a custom framework.
Note
AWS Audit Manager assists in collecting evidence that's relevant for verifying compliance with specific compliance standards and regulations. However, it doesn't assess your compliance itself. The evidence that's collected through AWS Audit Manager therefore might not include all the information about your AWS usage that's needed for audits. AWS Audit Manager isn't a substitute for legal counsel or compliance experts.
Additional resources
To create and manage frameworks in Audit Manager, follow the procedures that are outlined here.