Prerequisites Procedure Next steps Additional resources

Reviewing a custom control

You can review the details of a custom control by using the Audit Manager console, the Audit Manager API, or the AWS Command Line Interface (AWS CLI).

Prerequisites

Make sure your IAM identity has appropriate permissions to view controls in AWS Audit Manager. Two suggested policies that grant these permissions are AWSAuditManagerAdministratorAccess and Allow users management access to AWS Audit Manager.

Procedure

You can review the details of a custom control by using the Audit Manager console, the Audit Manager API, or the AWS Command Line Interface (AWS CLI).

Audit Manager console

To view custom control details on the Audit Manager console

Open the AWS Audit Manager console at https://console.aws.amazon.com/auditmanager/home.
In the navigation pane, choose Control library.
Choose Custom to see the custom controls that you created.
Choose any custom control name to view the details for that control.
Review the custom control details using the following information as reference.

Overview section

This section describes the custom control and lists the data source types that it uses to collect evidence. It also provides information about when the control was created and last updated.

Evidence sources tab

This tab shows where the custom control collects evidence from. It includes the following information:

Name Description

Name	Description
Common controls	These are the common controls that collect evidence to support the custom control. Common controls collect evidence using underlying data sources that AWS manages for you. For every common control that’s listed, Audit Manager collects the relevant evidence for all of the supporting core controls. Choose a common control to see the related core controls.
Core controls	These are the core controls that collect evidence to support the custom control. Core controls collect evidence by using a predefined group of data sources that AWS manages for you. Choose a core control to see the underlying data sources.
Data sources	These are the data sources that collect evidence to support the custom control. Note These data sources aren't managed for you by AWS. You're responsible for maintaining them. Name – The name of the data source. Type – The type of data source that the evidence comes from. If Audit Manager collects the evidence, the type can be AWS Security Hub, AWS Config, AWS CloudTrail, or AWS API calls. If you upload your own evidence, the type is Manual. A description indicates if the required manual evidence is a File upload or a Text response. Mapping – The specific keyword that's used to collect evidence. If the type is AWS Config, the mapping is an AWS Config rule (such as `SNS_ENCRYPTED_KMS`). If the type is AWS Security Hub, the mapping is a Security Hub control (such as `EC2.1`). If the type is AWS API calls, the mapping is an API call (such as `kms_ListKeys`). If the type is AWS CloudTrail, the mapping is a CloudTrail event (such as `CreateAccessKey`). Frequency – How often Audit Manager collects evidence for an AWS API call data source.

Common controls

These are the common controls that collect evidence to support the custom control.

Common controls collect evidence using underlying data sources that AWS manages for you. For every common control that’s listed, Audit Manager collects the relevant evidence for all of the supporting core controls. Choose a common control to see the related core controls.

Core controls

These are the core controls that collect evidence to support the custom control.

Core controls collect evidence by using a predefined group of data sources that AWS manages for you. Choose a core control to see the underlying data sources.

Data sources

These are the data sources that collect evidence to support the custom control.

Note

These data sources aren't managed for you by AWS. You're responsible for maintaining them.

Name – The name of the data source.
Type – The type of data source that the evidence comes from.
- If Audit Manager collects the evidence, the type can be AWS Security Hub, AWS Config, AWS CloudTrail, or AWS API calls.
- If you upload your own evidence, the type is Manual. A description indicates if the required manual evidence is a File upload or a Text response.
Mapping – The specific keyword that's used to collect evidence.
- If the type is AWS Config, the mapping is an AWS Config rule (such as SNS_ENCRYPTED_KMS).
- If the type is AWS Security Hub, the mapping is a Security Hub control (such as EC2.1).
- If the type is AWS API calls, the mapping is an API call (such as kms_ListKeys).
- If the type is AWS CloudTrail, the mapping is a CloudTrail event (such as CreateAccessKey).
Frequency – How often Audit Manager collects evidence for an AWS API call data source.

Details tab

This tab includes the following information:

Name	Description
Instructions	The directions that describe how to test and remediate the control.
Testing information	The recommended testing procedures.
Action plan	The recommended actions to take if you need to remediate the control.
Tags	The tags that are associated with the control.
Key	The tag key (for example, a compliance standard, regulation, or category).
Value	The tag value.

AWS CLI

To view custom control details in the AWS CLI

Follow the steps to find a control. Make sure to set the --control-type as Custom, and apply any optional filters as needed.
```
aws auditmanager list-controls --control-type Custom
```
In the response, identify the control that you want to review and take note of the control ID and Amazon Resource Name (ARN).
Run the get-control command and specify the --control-id. In the following example, replace the placeholder text with your own information.
```
aws auditmanager get-control --control-id a1b2c3d4-5678-90ab-cdef-EXAMPLE11111
```
Tip
The control details are returned in JSON format. To help you understand this data, see get-control Output in the AWS CLI Command Reference.
To see the tags for a control, use the list-tags-for-resource command and specify the --resource-arn. In the following example, replace the placeholder text with your own information:
```
aws auditmanager list-tags-for-resource --resource-arn arn:aws:auditmanager:us-east-1:111122223333:control/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111
```

Audit Manager API

To view custom control details using the API

Follow the steps to find a control. Make sure to set the controlType as Custom, and apply any optional filters as needed.
In the response, identify the control that you want to review and take note of the control ID and its Amazon Resource Name (ARN).
Use the GetControl operation and specify the controlId that you noted in step 2.

Tip
The control details are returned in JSON format. To help you understand this data, see GetControl Response Elements in the AWS Audit Manager API Reference.
To see tags for the control, use the ListTagsForResource operation and specify the control resourceArn that you noted in step 2.

For more information about these API operations, choose any of the links in this procedure to read more in the AWS Audit Manager API Reference. This includes information about how to use these operations and parameters in one of the language-specific AWS SDKs.

Next steps

You can add a custom control to any of your custom frameworks. For instructions, see Creating a custom framework in AWS Audit Manager.

You can also edit a custom control, make an editable copy of a custom control, or delete a custom control that you no longer need.

Additional resources

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Standard controls

Creating a custom control