What is AWS Audit Manager? - AWS Audit Manager

What is AWS Audit Manager?

Welcome to the AWS Audit Manager User Guide.

AWS Audit Manager helps you continually audit your AWS usage to simplify how you manage risk and compliance with regulations and industry standards. Audit Manager automates evidence collection so you can more easily assess whether your policies, procedures, and activities—also known as controls—are operating effectively. When it's time for an audit, Audit Manager helps you manage stakeholder reviews of your controls. This means that you can build audit-ready reports with much less manual effort.

Audit Manager provides prebuilt frameworks that structure and automate assessments for a given compliance standard or regulation. Frameworks include a prebuilt collection of controls with descriptions and testing procedures. These controls are grouped according to the requirements of the specified compliance standard or regulation. You can also customize frameworks and controls to support internal audits according to your specific requirements.

You can create an assessment from any framework. When you create an assessment, Audit Manager automatically runs resource assessments. These assessments collect data for both the AWS account and services that you define as in scope for your audit. The data that's collected is automatically transformed into audit-friendly evidence. Then, it's attached to the relevant controls to help you demonstrate compliance in security, change management, business continuity, and software licensing. This evidence collection process is ongoing, and starts when you create your assessment. After you complete an audit and you no longer need Audit Manager to collect evidence, you can stop evidence collection. To do this, change the status of your assessment to inactive.

Features of Audit Manager

With AWS Audit Manager, you can do the following tasks:

  • Get started quickly — Create your first assessment by selecting from a gallery of prebuilt frameworks that support a range of compliance standards and regulations. Then, initiate automatic evidence collection to audit your AWS service usage.

  • Upload and manage evidence from hybrid or multicloud environments — In addition to the evidence that Audit Manager collects from your AWS environment, you can also upload and centrally manage evidence from your on-premises or multicloud environment.

  • Support common compliance standards and regulations — Choose one of the AWS Audit Manager standard frameworks. These frameworks provide prebuilt control mappings for common compliance standards and regulations. These include the CIS Foundation Benchmark, PCI DSS, GDPR, HIPAA, SOC2, GxP, and AWS operational best practices.

  • Monitor your active assessments — Use the Audit Manager dashboard to view analytics data for your active assessments, and quickly identify non-compliant evidence that needs to be remediated.

  • Search for evidence — Use the evidence finder feature to quickly find evidence that’s relevant to your search query. You can generate an assessment report from your search results, or export your search results in CSV format.

  • Create custom controls — Create your own control from scratch or customize an existing control to meet your needs. You can also use the custom controls feature to create risk assessment questions and store the responses to those questions as manual evidence.

  • Customize frameworks — Create your own frameworks with standard or custom controls based on your specific requirements for internal audits.

  • Share custom frameworks — Share your custom Audit Manager frameworks with another AWS account, or replicate them into another AWS Region under your own account.

  • Support cross-team collaboration — Delegate control sets to subject matter experts who can review related evidence, add comments, and update the status of each control.

  • Create reports for auditors — Generate assessment reports that summarize the relevant evidence that's collected for your audit and link to folders that contain the detailed evidence.

  • Ensure evidence integrity — Store evidence in a secure location, where it remains unaltered.

Note

AWS Audit Manager assists in collecting evidence that's relevant for verifying compliance with specific compliance standards and regulations. However, it doesn't assess your compliance itself. The evidence that's collected through AWS Audit Manager therefore might not include all the information about your AWS usage that's needed for audits. AWS Audit Manager isn't a substitute for legal counsel or compliance experts.

Pricing for Audit Manager

For more information about pricing, see AWS Audit Manager Pricing.

Are you a first-time user of Audit Manager?

If you're a first-time user of Audit Manager, we recommend that you start with the following pages:

  1. AWS Audit Manager concepts and terminology – Learn about the key concepts and terms used in Audit Manager, such as assessments, frameworks, and controls.

  2. How AWS Audit Manager collects evidence – Learn about how Audit Manager gathers evidence for a resource assessment.

  3. Setting up – Learn about the setup requirements for Audit Manager.

  4. Getting Started – Follow a tutorial to create your first Audit Manager assessment.

  5. AWS Audit Manager API Reference – Familiarize yourself with the Audit Manager API actions and data types.

More Audit Manager resources

Explore the following resources to learn more about Audit Manager.