Using the control library to manage controls in AWS Audit Manager
You can access and manage controls from the control library in AWS Audit Manager.
Key points
In the control library, controls are organized into the following categories.
-
Common controls collect evidence that supports multiple overlapping compliance standards. Automated common controls contain one or more related core controls that each collect supporting evidence from a predefined group of data sources. This provides you with an efficient way to identify the AWS data sources that map to your portfolio of compliance requirements. The underlying data sources for each automated common control are validated and maintained by industry certified assessors in AWS Security Assurance Services
. -
Standard controls collect evidence to support a specific compliance standard. You can view the details of standard controls, but you can't edit or delete them. However, you can make an editable copy of any standard control to create a new control that meets your specific requirements.
-
Custom controls are controls that you own and define. When you create a custom control, we recommend that you choose the common controls that represent your goals and use them as an evidence source. As a result, your custom control can collect all of the evidence that’s relevant to those common controls. You can also use core controls as an evidence source, or use other sources that you define yourself. When you’re done, add your custom controls to a custom framework, and then create an assessment to start collecting evidence.
Additional resources
To create and manage controls in Audit Manager, follow the procedures that are outlined here.