What is AWS Audit Manager?

Welcome to the AWS Audit Manager User Guide.

AWS Audit Manager helps you continuously audit your AWS usage to simplify how you manage risk and compliance with regulations and industry standards. Audit Manager automates evidence collection to make it easier to assess whether your policies, procedures, and activities—also known as controls—are operating effectively. When it is time for an audit, Audit Manager helps you manage stakeholder reviews of your controls, which means you can build audit-ready reports with much less manual effort.

AWS Audit Manager provides prebuilt frameworks that structure and automate assessments for a given compliance standard or regulation. Frameworks include a prebuilt collection of controls with descriptions and testing procedures, which are grouped according to the requirements of the specified compliance standard or regulation. You can also customize frameworks and controls to support internal audits with unique requirements.

You can create an assessment from any framework. When you create an assessment, AWS Audit Manager automatically runs resource assessments that collect data for the AWS account and services that you define as in scope for your audit. The collected data is automatically transformed into audit-friendly evidence and attached to the relevant controls to help you demonstrate compliance in security, change management, business continuity, and software licensing.

With AWS Audit Manager, you can do the following:

  • Get started quickly — Select from a gallery of prebuilt frameworks that support a range of compliance standards and regulations, then begin the automated collection of evidence to audit your AWS service usage.

  • Support common compliance standards and regulations — Choose from the AWS Audit Manager standard frameworks, which provide prebuilt control mappings for common compliance standards and regulations including CIS Foundation Benchmark, PCI DSS, GDPR, HIPAA, HITRUST, SOC2, GxP, and AWS operational best practices.

  • Customize frameworks — Create your own frameworks with standard or custom controls that help you meet your unique requirements for internal audits.

  • Support cross-team collaboration — Delegate control sets to subject matter experts who can review related evidence, add comments, and update the status of each control.

  • Create reports for auditors — Generate assessment reports that summarize the relevant evidence collected for your audit and link to folders that contain the detailed evidence.

  • Ensure evidence integrity — Store evidence in a secure location, where it remains unaltered.

Note

AWS Audit Manager is designed to assist in collecting evidence that is relevant for verifying compliance with certain compliance standards and regulations, but it does not assess your compliance itself. The evidence collected through AWS Audit Manager therefore may not include all information about your AWS usage needed for audits. AWS Audit Manager is not a substitute for legal counsel or compliance experts.

Review the following sections to familiarize yourself with some of the terminology and basic concepts in AWS Audit Manager.