AWS Audit Manager allows users to align compliance requirements with AWS data, enabling continuous auditing of AWS usage for risk and compliance assessments. The platform features a common control library with pre-defined controls mapped to AWS data sources, reducing the burden on IT teams in assigning business controls for evidence collection. This library streamlines compliance requirements across multiple frameworks, eliminating the need to address different standards individually.
By utilizing controls from the common control library, users inherit updates and new data sources automatically, such as CloudTrail events and API calls, without manual intervention. This feature ensures the ongoing relevance of evidence sources and simplifies the adoption of additional compliance frameworks added to the library by Audit Manager.
An illustrative example showcases how a company can ensure compliance with a new business control by navigating the common control library to identify relevant controls for their IT operations. In this scenario, the airline seeks to verify the availability of customer transaction data in their applications on AWS. By leveraging the common controls, users can tailor controls to their specific needs by creating custom controls or adopting related controls from the library.
The deployment of custom controls can be managed by compliance teams with minimal IT involvement, enhancing efficiency in evidence collection and compliance reporting. This approach not only accelerates compliance procedures but also optimizes resources and efforts for both compliance and IT teams.
The common control library feature is accessible in all AWS regions offering Audit Manager with no additional costs. This capability enhances the risk and compliance assessment process, simplifying the mapping of business controls and evidence collection within Audit Manager.
For more insights and guidance on utilizing the common control library in AWS Audit Manager, users can refer to the AWS Audit Manager User Guide. This tool empowers organizations to maintain compliance standards effectively and efficiently in alignment with their system architecture and AWS services.
Article Source
https://aws.amazon.com/blogs/aws/simplify-risk-and-compliance-assessments-with-the-new-common-control-library-in-aws-audit-manager/
