What is AWS Audit Manager?

Welcome to the AWS Audit Manager User Guide.

AWS Audit Manager helps you continually audit your AWS usage to simplify how you manage risk and compliance with regulations and industry standards. Audit Manager automates evidence collection so you can more easily assess whether your policies, procedures, and activities—also known as controls—are operating effectively. When it's time for an audit, Audit Manager helps you manage stakeholder reviews of your controls. This means that you can build audit-ready reports with much less manual effort.

AWS Audit Manager provides prebuilt frameworks that structure and automate assessments for a given compliance standard or regulation. Frameworks include a prebuilt collection of controls with descriptions and testing procedures. These controls are grouped according to the requirements of the specified compliance standard or regulation. You can also customize frameworks and controls to support internal audits according to your specific requirements.

You can create an assessment from any framework. When you create an assessment, AWS Audit Manager automatically runs resource assessments. These assessments collect data for both the AWS account and services that you define as in scope for your audit. The data that's collected is automatically transformed into audit-friendly evidence. Then, it's attached to the relevant controls to help you demonstrate compliance in security, change management, business continuity, and software licensing. This evidence collection process is ongoing, and starts when you create your assessment. After you complete an audit and you no longer need Audit Manager to collect evidence, you can stop evidence collection. To do this, change the status of your assessment to inactive.

Features of AWS Audit Manager

With AWS Audit Manager, you can do the following tasks:

  • Get started quickly – Create your first assessment by selecting from a gallery of prebuilt frameworks that support a range of compliance standards and regulations. Then, initiate automatic evidence collection to audit your AWS service usage.

  • Support common compliance standards and regulations – Choose one of the AWS Audit Manager standard frameworks. These frameworks provide prebuilt control mappings for common compliance standards and regulations. These include the CIS Foundation Benchmark, PCI DSS, GDPR, HIPAA, HITRUST, SOC2, GxP, and AWS operational best practices.

  • Customize frameworks – Create your own frameworks with standard or custom controls based on your specific requirements for internal audits.

  • Share custom frameworks – Share your custom AWS Audit Manager frameworks with another AWS account, or replicate them into another AWS Region under your own account.

  • Support cross-team collaboration – Delegate control sets to subject matter experts who can review related evidence, add comments, and update the status of each control.

  • Create reports for auditors – Generate assessment reports that summarize the relevant evidence that's collected for your audit and link to folders that contain the detailed evidence.

  • Ensure evidence integrity – Store evidence in a secure location, where it remains unaltered.

Note

AWS Audit Manager assists in collecting evidence that's relevant for verifying compliance with specific compliance standards and regulations. However, it doesn't assess your compliance itself. The evidence that's collected through AWS Audit Manager therefore might not include all the information about your AWS usage that's needed for audits. AWS Audit Manager isn't a substitute for legal counsel or compliance experts.

Pricing for AWS Audit Manager

For more information about pricing, see AWS Audit Manager Pricing.

Are you a first-time user of AWS Audit Manager?

If you're a first-time user of Audit Manager, we recommend that you start with the following pages:

  1. AWS Audit Manager concepts and terminology – Learn about the key concepts and terms used in Audit Manager, such as assessments, frameworks, and controls.

  2. How AWS Audit Manager collects evidence – Learn about how Audit Manager gathers evidence for a resource assessment.

  3. Setting up – Learn about the setup requirements for AWS Audit Manager.

  4. Getting Started – Follow a tutorial to create your first Audit Manager assessment.

  5. AWS Audit Manager API Reference – Familiarize yourself with the Audit Manager API actions and data types.

More AWS Audit Manager resources

Explore the following resources to learn more about AWS Audit Manager.