Reviewing the controls in an assessment - AWS Audit Manager

Reviewing the controls in an assessment

Controls in AWS Audit Manager help you meet both common and unique compliance standards and regulations in your audits. You can open and review the controls in your Audit Manager assessment at any time.

To open a control summary page

  1. Open the AWS Audit Manager console at https://console.aws.amazon.com/auditmanager/home.

  2. In the navigation pane, choose Assessments, and choose the name of an assessment to open it.

  3. From the assessment page, choose the Controls tab, scroll down to the Control sets table, and then choose the name of a control to open it.

When you open a control, you see a summary page that contains several sections. The following sections describe each part of this page and its contents.

Control details

The Control details section provides an overview of the control.

It includes the following information:

  1. Control name – The name that's given to this control.

  2. Control description – The description that's provided for this control.

  3. Testing information – The recommended testing procedures for this control.

  4. Action plan – The recommended actions to carry out if the control isn't fulfilled.

Update control status

In the Update control status section of the page, you can review and update the status of the controls in the assessment.

The following statuses are available for a control:

  • Under review – Indicates that this control hasn't yet been reviewed. Evidence is still being collected for this control, and you can upload manual evidence. This is the default status.

  • Reviewed – Indicates that the evidence for this control has been reviewed. Evidence is still being collected, and you can upload manual evidence.

  • Inactive – Indicates that automated evidence collection has stopped for this control. You can no longer upload manual evidence.

Note

Changing a control status to Reviewed is final. After you set the status of a control to Reviewed, you can no longer change the status of that control or revert to a previous status.

Evidence folders tab



The Evidence folders tab lists the evidence that's automatically collected for this control. The evidence is organized into folders on a daily basis. From here, you can also select a folder and choose Upload manual evidence to add more evidence manually.

Under the Evidence folders table, a list of folders is displayed with the following data columns:

  • Evidence folder – The name of the evidence folder. The name is based on the date when the evidence was collected.

  • Compliance check – The number of issues that are found in the evidence folder. This number represents the total number of security issues that were reported directly from AWS Security Hub, AWS Config, or both. You can find more information about the relevant evidence and the nature of the issue by opening the evidence folder.

    Not applicable indicates that you either don't have AWS Security Hub or AWS Config enabled, or the evidence comes from a different data source.

  • Total evidence – The total number of evidence items inside the folder.

  • Assessment report selection – The number of evidence items within the folder that are included in the assessment report.

From the Evidence folders tab, choose a folder to open it. For more information, see Reviewing evidence folders. From the evidence folder summary page, you can choose an evidence item to open it. For more information, see Reviewing individual evidence.

From the Evidence folders tab, you can also choose to add evidence to or remove evidence from an assessment report. For more information, see Generating an assessment report.

Data source tab



The Data source tab displays the data sources for the control.

Under the Data source table, a list of data sources is displayed with the following data columns:

  • Name – The name of the data source from which AWS Audit Manager collects evidence.

  • Data source – The name of the AWS service that contains this data.

  • Attribute – The associated attribute value for retrieving the data from the data source. For example, this can be the parameter attribute used when making a describe API call to an AWS service.

  • Frequency – The frequency of evidence collection from this data source. The frequency varies depending on the data source. For more information, choose the value in the column or see Evidence collection frequency.

Comments tab



In the Comments tab, you can add a comment regarding the control and its evidence. The tab also displays a list of previous comments.

Under Send comments, you can add comments for a control by entering text and then choosing Submit comments.

Under Previous comments, you can view a list of previous comments along with the date the comment was made and the associated user ID.

Changelog tab



The Changelog tab displays a list of user activity related to the control. The same information is available as audit trail logs in AWS CloudTrail. With the user activity that's captured directly in AWS Audit Manager, you can easily review an audit trail of activity for a given control.

Under Changelog, a table displays the following data columns:

  • Date – The date and time of the activity.

  • User – The IAM user or role that performed the activity.

  • Action – A description of the activity.

  • Type – The associated attribute that further describes the activity.

  • Resource – The related resource, if applicable.

AWS Audit Manager tracks the following user activity in changelogs:

  • Creating an assessment

  • Editing an assessment

  • Completing an assessment

  • Deleting an assessment

  • Delegating a control set for review

  • Submitting a reviewed control set back to the audit owner

  • Uploading manual evidence

  • Updating a control status

  • Generating assessment reports
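
The following added example (not part of the AWS documentation) shows one way to review changelog rows for a set of controls. It assumes that the Action values match the activity names in the preceding list and that the User and Resource values are simplified placeholders. It flags status updates by principals outside an approved set, a principal who both uploaded evidence and updated the status of the same control, and manual evidence that was uploaded after the last status update.

```python
from collections import defaultdict

# Constructed rows shaped like the Changelog table (Date, User, Action, Resource).
# The Action strings reuse the tracked-activity names; real values may differ.
SAMPLE_ROWS = [
    ("2024-03-01T09:12:00Z", "user/alice", "Uploading manual evidence", "control-A"),
    ("2024-03-01T10:30:00Z", "user/alice", "Updating a control status", "control-A"),
    ("2024-03-02T08:00:00Z", "user/bob", "Uploading manual evidence", "control-B"),
    ("2024-03-02T11:45:00Z", "role/audit-owner", "Updating a control status", "control-B"),
    ("2024-03-03T14:20:00Z", "user/bob", "Uploading manual evidence", "control-B"),
    ("2024-03-04T09:00:00Z", "user/carol", "Updating a control status", "control-C"),
]

UPLOAD = "Uploading manual evidence"
STATUS = "Updating a control status"


def review_changelog(rows, approved_reviewers):
    """Return sorted (resource, finding) pairs that deserve a second look."""
    uploads = defaultdict(list)  # resource -> [(date, user)]
    status = defaultdict(list)   # resource -> [(date, user)]
    for date, user, action, resource in rows:
        if action == UPLOAD:
            uploads[resource].append((date, user))
        elif action == STATUS:
            status[resource].append((date, user))

    findings = set()
    for resource, changes in status.items():
        # Timestamps share one ISO 8601 UTC format, so string order is time order.
        last_change = max(date for date, _ in changes)
        for _, user in changes:
            if user not in approved_reviewers:
                findings.add((resource, f"status updated by unapproved principal {user}"))
            # Separation of duties: the reviewer should not also supply the evidence.
            if any(uploader == user for _, uploader in uploads[resource]):
                findings.add((resource, f"{user} both uploaded evidence and updated status"))
        # Evidence that arrived after the last status update was not part of that review.
        for date, user in uploads[resource]:
            if date > last_change:
                findings.add((resource, f"evidence uploaded by {user} after last status update"))
    return sorted(findings)


if __name__ == "__main__":
    for resource, finding in review_changelog(SAMPLE_ROWS, {"role/audit-owner"}):
        print(f"{resource}: {finding}")
```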