A service that will help you audit your AWS usage on a regular basis in order to simplify risk management and compliance with regulations and industry standards.
Automates evidence collection for policies, procedures, and activities, as well as the creation of audit reports.
Centrally manage and upload evidence from on-premises or multi-cloud environments.
View analytics data for active assessments on the Audit Manager dashboard and quickly identify non-compliant evidence that needs to be remedied.
Creation of frameworks with standard or custom controls based on your specific internal audit requirements.
Custom frameworks can also be shared with another AWS account or replicated into another AWS Region under your own account.
Supports control set delegation to team members to assist you in reviewing related evidence, adding comments, and updating the status of each control.
An assessment is based on a framework, which is a collection of controls.
When you create an assessment, continuous collection of evidence begins.
For an audit, you or a delegate can review this evidence and add it to an assessment report.
An assessment has two states:
Active – currently collecting evidence.
Inactive – stops collecting evidence.
Summarizes the evidence that was gathered from an assessment.
It also includes links to evidence PDF files.
Assessment reports are placed in an S3 bucket.
Allows you to delegate a control set to a subject matter expert for review and validation of evidence.
In different AWS Regions, an account can be:
Delegates are asked by audit owners to review the evidence associated with a control set.
Defines the controls and data source mappings for a given compliance standard or regulation.
Standard Frameworks – prebuilt AWS frameworks
Custom Frameworks – frameworks that you own.
By creating a share request, you allow a recipient to use your custom framework to create assessments.
AWS predefined controls.
Editing or deleting standard controls is not allowed.
You can customize any standard control to meet your specific requirements.
Customized controls that you own.
Allows you to define which data sources you want to collect evidence from.
The data source types for automated evidence:
AWS API calls
AWS Security Hub
You can capture snapshots of your resource security posture by reporting:
Results of security checks directly from AWS Security Hub.
Findings to AWS Config.
Collects log data from AWS CloudTrail and converts processed logs into evidence of user activity.
Audit Manager includes a License Manager framework to help you prepare for audits.
You can use the following services to help you prepare for your audit:
AWS License Manager framework
AWS Control Tower Guardrails framework
Using Amazon SNS, you can send a notification to a user when one of the following events occurs:
The audit owner delegates a control set for review.
The audit owner has finished reviewing a control set.
The delegate submits a control set that has been reviewed to the audit owner.
Uses AWS IAM service-linked roles to connect to data sources.
Data is encrypted using an AWS KMS key.
You are charged based on the number of resource assessments performed.
You are charged for assessment reports stored in Amazon S3.