Generating an assessment report - AWS Audit Manager

Generating an assessment report

An assessment report summarizes your assessment and provides links to an organized set of folders containing related evidence. For more information, see Assessment reports.

You can choose which evidence you want to include in your assessment report before generating the assessment report.

Adding evidence to an assessment report

Before you generate an assessment report, you should review the evidence for each control in your assessment and specify whether you want to include it in the assessment report. By default, newly collected evidence is excluded from the assessment report.

To review and include evidence in an assessment report

  1. Open the AWS Audit Manager console at https://console.aws.amazon.com/auditmanager/home.

  2. In the navigation pane, choose Assessments, and then choose the name of the assessment to open it.

  3. Scroll down to the Controls table, and choose the name of the control to open the control details page.

  4. Scroll down to the Evidence folders table, select the evidence folder that you want to add to the assessment report, and then choose Add to assessment report. In the pop-up window that appears, choose Add to assessment report to confirm the addition.

    1. If you want to remove an evidence folder that was previously added to an evidence report, select the folder and choose Remove from assessment report.

  5. To add a single evidence item to an assessment report, choose the name of the evidence folder to open the evidence folder summary page. Select the evidence, and then choose Add to assessment report. In the pop-up window that appears, choose Add to assessment report to confirm the addition.

    1. If you want to remove a single evidence item that was previously added to an assessment report, choose the name of the evidence folder to open the evidence folder summary page. Select the evidence, and then choose Remove from assessment report.

  6. After you review the evidence and added it to an assessment report, a green success banner appears. Choose View assessment report selection to go back to the assessment page, where you can now generate an assessment report.

Generating the assessment report

After you select the evidence to include in your assessment report, you can generate the final assessment report to share with your auditors.

When you generate an assessment report, it is placed into the S3 bucket that you designated as your assessment report destination.

Tip

We recommend that you verify the following configurations before you generate your report:

  1. The AWS Region of your assessment report destination (and your customer managed key, if you provided one) must match the AWS Region of your assessment.

  2. If your assessment report destination has a bucket policy that requires server-side encryption (SSE) using SSE-KMS, then the KMS key used in that bucket policy must match the KMS key you configured in your AWS Audit Manager data encryption settings. If you haven't configured a KMS key in your Audit Manager settings, and your assessment report destination bucket policy requires SSE, ensure that the bucket policy allows SSE-S3.

For more information about how to configure the assessment report destination and the KMS key used for data encryption, see AWS Audit Manager settings. For a list of Audit Manager Regions, see AWS Regions and Endpoints in the Amazon Web Services General Reference.

To generate an assessment report

  1. Open the AWS Audit Manager console at https://console.aws.amazon.com/auditmanager/home.

  2. In the left navigation pane, choose Assessments.

  3. Choose the name of the assessment for which you want to generate an assessment report.

  4. Choose the Assessment report selection tab, and then choose Generate assessment report.

  5. In the pop-up window, provide a name and description for the assessment report, and review the Assessment report details section. This includes the assessment name, the evidence in the assessment report, and the assessment report destination (the S3 bucket that you specified when creating the assessment).

  6. Choose Generate assessment report.

You can now go to the S3 bucket that you designated as your destination folder and download the assessment report. The generated assessment report has a file checksum to ensure the integrity of the assessment report. You can validate this with the ValidateAssessmentReportIntegrity API operation offered by AWS Audit Manager.