Reviewing a common control
When you need to review the details of a control, you'll find the information organized
into several sections on the control details page. These sections help you easily access and
understand the relevant information for that control.
Prerequisites
Make sure your IAM identity has appropriate permissions to view common controls in
Audit Manager. More specifically, you need the following permissions to view the common controls,
control objectives, and control domains that are provided by AWS Control Catalog:
- controlcatalog:ListCommonControls
- controlcatalog:ListDomains
- controlcatalog:ListObjectives
A suggested policy that grants these permissions is AWSAuditManagerAdministratorAccess.
Procedure
You can review a common control using the Audit Manager console, the AWS Control Catalog API,
or the AWS Command Line Interface (AWS CLI).
- Audit Manager console
  To view common control details on the Audit Manager console
  - Open the AWS Audit Manager console at https://console.aws.amazon.com/auditmanager/home.
  - In the navigation pane, choose Control library.
  - Choose Common to see the common controls that are provided by AWS.
  - Choose any common control name to view the details for that control.
  - Review the common control details using the following information as reference.
    - Overview section
      This section describes the common control.
    - Evidence sources tab
      This tab includes the following information:
      Name | Description
      Core controls | These are the core controls that collect evidence to support the common control. When you collect evidence for this common control, you automatically collect evidence for all of the core controls that are listed here. When each of these core controls is implemented successfully, this helps to demonstrate that you’re meeting the requirements of the common control. Each core control uses a predefined grouping of data sources to collect evidence about an AWS service. AWS manages these data sources for you. This means that they’re automatically updated whenever regulations and standards change and new data sources are identified. Choose any core control to see the underlying data sources.
    - Related requirements tab
      When you collect evidence for this common control, the same evidence can help you to demonstrate compliance with the requirements of the related standard controls that are listed on this tab. Choose any standard control to see more details.
      - The common control might produce evidence that demonstrates only partial compliance with a standard control. It’s possible that you might need additional evidence to demonstrate full compliance with a standard control.
      - At this time, the Related requirements tab shows related standard controls only. Although a common control can be related to one or more custom controls, those relationships aren't displayed in this tab.
- AWS CLI
  To view common control details in the AWS CLI
  - Run the list-common-controls command to see a list of available common controls. When you use this operation, you can apply an optional common-control-filter to see common controls that have a specific objective.
      aws controlcatalog list-common-controls
  - In the response, identify the common control that you want to review and take note of its details.
- AWS Control Catalog API
  To view common control details using the API
  - Use the ListCommonControls operation to see a list of available common controls. When you use this operation, you can apply an optional commonControlFilter to see a list of controls that have a specific objective.
  - In the response, identify the control that you want to review and take note of its details.
  For more information about these API operations, choose the link in this procedure to read more in the AWS Control Catalog API Reference. This includes information about how to use these operations and parameters in one of the language-specific AWS SDKs.
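The API procedure above, as an added Python example (not taken from the AWS documentation): it follows pagination on ListCommonControls, applies the optional objective filter, and groups the results by objective. Assumptions: the request and response field names (CommonControlFilter, Objectives, Arn, CommonControls, NextToken) are those of the ListCommonControls operation as exposed by boto3; StubClient and the sample names and ARNs are constructed so the code runs offline.

```python
# Constructed sample data: these names and ARNs are placeholders, not real ones.
SAMPLE = [
    {"Name": "Example control A",
     "Objective": {"Arn": "arn:example:objective/1", "Name": "Example objective 1"}},
    {"Name": "Example control B",
     "Objective": {"Arn": "arn:example:objective/2", "Name": "Example objective 2"}},
    {"Name": "Example control C",
     "Objective": {"Arn": "arn:example:objective/1", "Name": "Example objective 1"}},
]

class StubClient:
    """Offline stand-in for boto3.client("controlcatalog"); one item per page."""

    def list_common_controls(self, CommonControlFilter=None, NextToken=None):
        items = SAMPLE
        if CommonControlFilter:
            wanted = {o["Arn"] for o in CommonControlFilter["Objectives"]}
            items = [c for c in items if c["Objective"]["Arn"] in wanted]
        start = int(NextToken or 0)
        page = {"CommonControls": items[start:start + 1]}
        if start + 1 < len(items):
            page["NextToken"] = str(start + 1)
        return page

def list_common_controls(client, objective_arn=None):
    """Return all common controls, optionally only those with one objective."""
    kwargs = {}
    if objective_arn:
        kwargs["CommonControlFilter"] = {"Objectives": [{"Arn": objective_arn}]}
    controls = []
    while True:
        page = client.list_common_controls(**kwargs)
        controls.extend(page.get("CommonControls", []))
        if not page.get("NextToken"):
            return controls
        kwargs["NextToken"] = page["NextToken"]  # results are paginated

def group_by_objective(controls):
    """Map each objective name to the sorted names of its common controls."""
    grouped = {}
    for control in controls:
        grouped.setdefault(control["Objective"]["Name"], []).append(control["Name"])
    return {name: sorted(names) for name, names in grouped.items()}

if __name__ == "__main__":
    print(group_by_objective(list_common_controls(StubClient())))
```

To run it against an account, pass boto3.client("controlcatalog") in place of StubClient(); the calling identity needs controlcatalog:ListCommonControls, as listed under Prerequisites.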
Next steps
You can choose the common controls that represent your goals and use them as building
blocks to create a custom control. Each automated common control maps to a predefined
grouping of AWS data sources that Audit Manager handles for you. This means that you don’t have
to be an AWS expert to know which data sources collect the relevant evidence for your
goals. Moreover, you don't have to maintain these data source mappings yourself.
For instructions on how to create a custom control that uses common controls as an
evidence source, see Creating a custom control in AWS Audit Manager.
Additional resources