Reviewing a core control
You can review the details of a core control by using the Audit Manager console, the Audit Manager API, or
the AWS Command Line Interface (AWS CLI).
Prerequisites
Make sure your IAM identity has appropriate permissions to view controls in AWS Audit Manager. Two suggested policies that grant these permissions are AWSAuditManagerAdministratorAccess and Allow users management access to AWS Audit Manager.
Procedure
Audit Manager console

To view core control details on the Audit Manager console

1. Open the AWS Audit Manager console at https://console.aws.amazon.com/auditmanager/home.
2. In the navigation pane, choose Control library.
3. Choose Common to see the common controls that are provided by AWS.
4. Look for the common control that meets your use case.
5. Choose the tree view icon next to the common control name. This displays the core controls that support the common control.
6. Choose the name of the core control that you want to review.
7. Review the core control details using the following information as reference.
Overview section

This section describes the core control and lists the data source types from which it collects evidence.

Evidence sources tab

This tab includes the following information:

Name | Description
Data sources | These are the AWS managed data sources that the core control collects evidence from. These data sources are automatically updated whenever regulations and standards change and new data sources are identified.
  - Mapping – The specific keyword that's used to collect evidence.
    - If the type is AWS Config, the mapping is an AWS Config rule (such as SNS_ENCRYPTED_KMS).
    - If the type is AWS Security Hub, the mapping is a Security Hub control (such as EC2.1).
    - If the type is AWS API calls, the mapping is an API call (such as kms_ListKeys).
    - If the type is AWS CloudTrail, the mapping is a CloudTrail event (such as CreateAccessKey).
  - Type – The type of data source that the evidence comes from.
    - If Audit Manager collects the evidence, the type can be AWS Security Hub, AWS Config, AWS CloudTrail, or AWS API calls.
    - If you upload your own evidence, the type is Manual. A description indicates whether the required manual evidence is a File upload or a Text response.
  - Frequency – How often Audit Manager collects evidence for an AWS API call data source.
Details tab

This tab includes the following information:

Name | Description
Instructions | The directions that describe how to test and remediate the control.
Testing information | The recommended testing procedures.
Action plan | The recommended actions to take if you need to remediate the control.
AWS CLI

To view core control details in the AWS CLI

1. Follow the steps to find a control. Make sure to set --control-type to Core, and apply any optional filters as needed.

   aws auditmanager list-controls --control-type Core

2. In the response, identify the control that you want to review and take note of the control ID and Amazon Resource Name (ARN).
3. Run the get-control command and specify the --control-id. In the following example, replace the placeholder text with your own information.

   aws auditmanager get-control --control-id a1b2c3d4-5678-90ab-cdef-EXAMPLE11111

   The control details are returned in JSON format. To help you understand this data, see get-control Output in the AWS CLI Command Reference.
4. To see tag details, run the list-tags-for-resource command and specify the --resource-arn. In the following example, replace the placeholder text with your own information.

   aws auditmanager list-tags-for-resource --resource-arn arn:aws:auditmanager:us-east-1:111122223333:control/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111
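To turn the get-control JSON into a quick evidence-source review (which mappings are automated, which need manual uploads), here is an added Python example; it is not part of the AWS documentation or the Audit Manager tooling. It assumes the response shape used here (a controlMappingSources list with sourceType, sourceKeyword and sourceFrequency fields), and the embedded sample output is constructed around the documentation's placeholder ID.

```python
import json
import sys

# Constructed sample modelled on `aws auditmanager get-control` output; field
# names follow the GetControl response shape as assumed here (placeholder ID).
SAMPLE_GET_CONTROL_OUTPUT = json.dumps({
    "control": {
        "id": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
        "controlMappingSources": [
            {"sourceType": "AWS_Config",
             "sourceKeyword": {"keywordValue": "SNS_ENCRYPTED_KMS"}},
            {"sourceType": "AWS_Security_Hub",
             "sourceKeyword": {"keywordValue": "EC2.1"}},
            {"sourceType": "AWS_API_Call", "sourceFrequency": "DAILY",
             "sourceKeyword": {"keywordValue": "kms_ListKeys"}},
            {"sourceType": "AWS_Cloudtrail",
             "sourceKeyword": {"keywordValue": "CreateAccessKey"}},
            {"sourceType": "MANUAL", "sourceDescription": "File upload"},
        ],
    }
})

def summarize_sources(get_control_json):
    """Return one (type, mapping, frequency) tuple per evidence source."""
    control = json.loads(get_control_json)["control"]
    rows = []
    for src in control.get("controlMappingSources", []):
        keyword = src.get("sourceKeyword") or {}
        # Manual sources carry no keyword; show the required evidence kind instead.
        mapping = keyword.get("keywordValue") or src.get("sourceDescription", "")
        rows.append((src.get("sourceType", "UNKNOWN"), mapping,
                     src.get("sourceFrequency", "n/a")))
    return rows

def manual_sources(get_control_json):
    """Mappings that need a person to upload evidence (a review gap to plan for)."""
    return [m for t, m, _ in summarize_sources(get_control_json) if t == "MANUAL"]

def automated_coverage(get_control_json):
    """Fraction of the control's evidence that Audit Manager collects on its own."""
    rows = summarize_sources(get_control_json)
    return sum(t != "MANUAL" for t, _, _ in rows) / len(rows) if rows else 0.0

if __name__ == "__main__":
    # Pipe real output in (aws auditmanager get-control ... | python3 this.py) or run
    # with no input to use the constructed sample.
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_GET_CONTROL_OUTPUT
    for row in summarize_sources(data):
        print("%-18s %-20s %s" % row)
    print("manual sources:", manual_sources(data))
```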
Audit Manager API

To view core control details using the API

1. Follow the steps to find a control. Make sure to set the controlType as Core, and apply any optional filters as needed.
2. In the response, identify the control that you want to review and take note of the control ID and Amazon Resource Name (ARN).
3. Use the GetControl operation and specify the controlId that you noted in step 2.

   The control details are returned in JSON format. To help you understand this data, see GetControl Response Elements in the AWS Audit Manager API Reference.
4. To see tag details, use the ListTagsForResource operation and specify the resourceArn that you noted in step 2.

For more information about these API operations, choose any of the links in this procedure to read more in the AWS Audit Manager API Reference. This includes information about how to use these operations and parameters in one of the language-specific AWS SDKs.
Next steps

You can choose the core controls that represent your goals and use them as building blocks to create a custom control. Each automated core control maps to a predefined grouping of AWS data sources that Audit Manager handles for you. This means that you don't have to be an AWS expert to know which data sources collect the relevant evidence for your goals. Moreover, you don't have to maintain these data source mappings yourself.

For instructions on how to create a custom control that uses core controls as an evidence source, see Creating a custom control in AWS Audit Manager.
Additional resources