As more and more applications migrate to the cloud, compliance has become a significant concern for companies. In some industries, meeting compliance regulations is a prerequisite for providing products or services to end users. For example, in the e-commerce industry, companies are often required to meet the Payment Card Industry Data Security Standard (PCI DSS) to ensure data security for customers’ payment accounts. Staying compliant with global standards not only protects your company from cybersecurity threats but also helps you earn trust and credibility from your end customers. However, as the cloud gains a variety of features to enhance your cloud applications, it becomes more complex for companies to keep their cloud infrastructure consistent with compliance standards at all times. As a result, AWS introduced the AWS Audit Manager service to solve this problem.

Benefits to customer

Automate collection of evidence

You can select one of the following four types of control data sources for automated collection of evidence.

  • User activity from AWS CloudTrail logs
  • Compliance checks from AWS Security Hub checks
  • Compliance checks from AWS Config
  • Configuration data from AWS API calls

The automation saves you the time of manually finding evidence to meet compliance standards, which makes it particularly helpful for urgent, short-notice audit needs.

Map AWS usage to controls 

You can select the prebuilt frameworks that map your AWS resources to control requirements, or customize these prebuilt frameworks and controls to tailor them to your unique needs.

Commonly used prebuilt frameworks include, but are not limited to:

  • CIS AWS Foundations Benchmarks
  • General Data Protection Regulation (GDPR)
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Health Insurance Portability and Accountability Act (HIPAA)

Prepare for audit-ready reports

The final assessment report contains a summary file for your assessment and links to an organized set of folders containing the related evidence, named and organized as defined by the control set in each framework. This organization makes it easy to demonstrate compliance status to your auditors and helps your technical team better control your AWS environment.

Ensure assessment report and evidence integrity 

The assessment report that AWS Audit Manager generates is securely stored in its own managed storage repository, with read-only permissions for your end users. When you generate audit-ready reports, Audit Manager produces a report file checksum so you can validate that the report evidence remains unaltered. Both the summary report and evidence can be downloaded to share with your auditors.

