Changing the status of an assessment control in AWS Audit Manager

You can change the status of an assessment control within your active assessment. Updating a control's status enables you to track its progress and indicate when you have reviewed it, keeping your assessment organized and up-to-date.

Prerequisites

The following procedure assumes that you have previously created an assessment, and its current status is active.

Make sure your IAM identity has appropriate permissions to manage an assessment in AWS Audit Manager. Two suggested policies that grant these permissions are AWSAuditManagerAdministratorAccess and Allow users management access to AWS Audit Manager.

Procedure

You can update an assessment control status using the Audit Manager console, the Audit Manager API, or the AWS Command Line Interface (AWS CLI).

Note

Changing a control status to Reviewed is final. After you set the status of a control to Reviewed, you can no longer change the status of that control or revert to a previous status.

Audit Manager console

To change an assessment control status on the Audit Manager console

Open the AWS Audit Manager console at https://console.aws.amazon.com/auditmanager/home.
In the navigation pane, choose Assessments.
Choose the name of the assessment to open it.
From the assessment page, choose the Controls tab, scroll down to the Control sets table, and then choose the name of a control to open it.

Choose Update control status at the top right of the page, and then choose a status:

Status	Description
Under review	Choose this status if you haven't reviewed the control yet.
Reviewed	Choose this status if you have finished reviewing the evidence for this control, and you want to continue collecting or adding evidence.
Inactive	Choose this status if you want to stop collecting automated evidence for this control.

Choose Update control status to confirm your choice.

AWS CLI

To change an assessment control status in the AWS CLI

Run the list-assessments command.
```
 aws auditmanager list-assessments
```
The response returns a list of assessments. Find the assessment that contains the control that you want to update, and take note of the assessment ID.
Run the get-assessment command and specify the assessment ID from step 1.

In the following example, replace the placeholder text with your own information.
```
 aws auditmanager get-assessment --assessment-id 1a2b3c4d-1a2b-1a2b-1a2b-1a2b3c4e5f6g
```
In the response, find the control that you want to update and take note of the control ID and its control set ID.
Run the update-assessment-control command and specify the following parameters:
- --assessment-id – The assessment that the control belongs to.
- --control-set-id – The control set that the control belongs to.
- --control-id – The control that you want to update.
- --control-status – Set this value to UNDER_REVIEW, REVIEWED, or INACTIVE.
In the following example, replace the placeholder text with your own information.
```
aws auditmanager update-assessment-control --assessment-id 1a2b3c4d-1a2b-1a2b-1a2b-1a2b3c4e5f6g --control-set-id "My control set" --control-id 2b3c4d5e-2b3c-2b3c-2b3c-2b3c4d5f6g7h --control-status REVIEWED
```

Audit Manager API

To change an assessment control status using the API

Use the ListAssessments operation.

In the response, find the assessment that contains the control that you want to update, and take note of the assessment ID.
Use the GetAssessment operation and specify the assessment ID from step 1.

In the response, find the control that you want to update and take note of the control ID and its control set ID.
Use the UpdateAssessmentControl operation and specify the following parameters:
- assessmentId – The assessment that the control belongs to.
- controlSetId – The control set that the control belongs to.
- controlId –The control that you want to update.
- controlStatus – Set this value to UNDER_REVIEW, REVIEWED, or INACTIVE.

For more information about these API operations, choose any of the links in the previous procedure to read more in the AWS Audit Manager API Reference. This includes information about how to use these operations and parameters in one of the language-specific AWS SDKs.

Next steps

When you're ready to change the status of the assessment, see Changing the status of an assessment to inactive in AWS Audit Manager.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Generating an assessment report

Changing an assessment status