AWS Audit Manager will no longer be open to new customers starting April 30, 2026. If you would like to use Audit Manager, sign up prior to that date. Existing customers can continue to use the service as normal. For more information, see [AWS Audit Manager availability change](https://docs.aws.amazon.com/audit-manager/latest/userguide/audit-manager-availability-change.html).
# Sharing a custom framework in AWS Audit Manager
You can use the framework sharing feature of AWS Audit Manager to quickly replicate the custom frameworks that you create. You can share your custom frameworks with another AWS account, or replicate your frameworks into another AWS Region under your own account. The recipient can then access your custom framework and use it to create assessments. They can do this without having to repeat any of your configuration efforts for that framework.
## Key points
To share a custom framework, you create a *share request*. The recipient of the share request then has 120 days to accept or decline the request. When they accept the share request, Audit Manager replicates the shared custom framework into their framework library. In addition to replicating the custom framework, Audit Manager also replicates any custom control sets and custom controls that are part of that framework. These custom controls are then added to the recipient’s control library. Audit Manager doesn’t replicate standard frameworks or controls. By default, these are available in all AWS accounts and Regions where Audit Manager is enabled.
The framework sharing feature is available on the paid tier only. However, there are no additional charges for sharing a custom framework or accepting a share request. To learn more about pricing for AWS Audit Manager, see the [AWS Audit Manager pricing page](https://aws.amazon.com/audit-manager/pricing).
**Important**
You may not share a custom framework that is derived from a standard framework if the standard framework is designated as not eligible for sharing by AWS, unless you have obtained permission to do so from the owner of the standard framework. To see which standard frameworks are not eligible for sharing and learn more, see [Framework sharing eligibility](https://docs.aws.amazon.com/audit-manager/latest/userguide/share-custom-framework-concepts-and-terminology.html#eligibility).
## Additional resources
To learn more about how to share custom frameworks in Audit Manager, see the following resources.
+ [Framework sharing concepts and terminology](share-custom-framework-concepts-and-terminology.md)
+ [Sending request to share a custom framework in AWS Audit Manager](framework-sharing.md)
+ [Responding to share requests in AWS Audit Manager](responding-to-shared-framework-requests.md)
+ [Deleting share requests in AWS Audit Manager](deleting-shared-framework-requests.md)
# Framework sharing concepts and terminology
If you learn about the following key concepts, you can get more out of the AWS Audit Manager custom framework sharing feature.
## Key points
**Sender**
This is the creator of a share request and the AWS account where the custom framework exists. Senders can share custom frameworks with any AWS account. Or, they replicate a custom framework to any supported AWS Region under their own account.
**Recipient**
This is the consumer of the shared framework. Recipients can either accept or decline a share request from a sender.
A recipient can be a delegated administrator account. However, you can't share custom frameworks with an AWS Organizations management account.
**Framework eligibility**
You can only share custom frameworks. By default, standard frameworks are already present in all AWS accounts and AWS Regions where AWS Audit Manager is enabled. In addition, the custom frameworks that you share must not contain sensitive data. This includes data found within the framework itself, its control sets, and any of the custom controls that are part of the custom framework.
Some of the standard frameworks that are offered by AWS Audit Manager contain copyrighted material that’s subject to license agreements. Custom frameworks might contain content that’s derived from these frameworks. You may not share a custom framework that's derived from a standard framework if the standard framework is designated as not eligible for sharing by AWS, unless you have obtained permission to do so from the owner of the standard framework.
To learn which standard frameworks are eligible for sharing, refer to the following table.
[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/audit-manager/latest/userguide/share-custom-framework-concepts-and-terminology.html)
**Share request**
To share a custom framework, you create a *share request*. The share request specifies a recipient and notifies them that a custom framework is available. Recipients have 120 days to respond to a share request by accepting or declining. If no action is taken in 120 days, the share request expires and the recipient loses the ability to add the custom framework to their framework library. Senders and recipients can view and take action on share requests from the share requests page of the framework library.
**Share request status**
Share requests can have any of the following statuses.
[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/audit-manager/latest/userguide/share-custom-framework-concepts-and-terminology.html)
**Share request notifications**
Audit Manager notifies recipients when they receive a share request. Both recipients and senders receive a notification when a share request is due to expire sometime in the next 30 days.
+ For recipients, a blue notification dot appears next to received requests with an **Active** or **Expiring** status. The recipient can resolve the notification by accepting or declining the share request.
+ For senders, a blue notification dot appears next to sent requests with an **Expiring** status. The notification is resolved when the recipient accepts or declines the request. Otherwise, it's resolved when the request expires. Additionally, the sender can resolve the notification by revoking the share request.
**Sender ownership**
Senders maintain full access over the custom frameworks that they share. They can cancel active share requests at any time by [revoking the share request](https://docs.aws.amazon.com/audit-manager/latest/userguide/framework-sharing.html#framework-sharing-step-4) before it expires. However, after a recipient accepts a share request, the sender can no longer revoke the recipient’s access to that custom framework. This is because when the recipient accepts the request, Audit Manager creates an independent copy of the custom framework in the recipient’s framework library.
In addition to replicating the sender’s custom framework, Audit Manager also replicates any custom control sets and custom controls that are part of that framework. However, Audit Manager doesn’t replicate any tags that are attached to the custom framework.
**Recipient ownership**
Recipients have full access over the custom frameworks that they accept. When recipient accepts the request, Audit Manager replicates the custom framework to the custom frameworks tab of their framework library. Recipients can then manage the shared custom framework in the same way as any other custom framework. Recipients can share the custom frameworks that they receive from other senders. Recipients can’t block senders from sending share requests.
**Shared framework expiration**
When a sender creates a share request, Audit Manager sets the request to expire after 120 days. Recipients can accept and gain access to the shared framework before the request expires. If a recipient doesn’t accept during this time, the share request expires. After this point, a record of the expired share request remains in their history. Snapshots of expired shared frameworks are archived to an S3 bucket with a one-year TTL for audit purposes.
Senders can choose to [revoke a share request](https://docs.aws.amazon.com/audit-manager/latest/userguide/framework-sharing.html#framework-sharing-step-4) at any time before it’s due to expire.
**Shared framework data storage and backup**
When you create a share request, Audit Manager stores a snapshot of your custom framework in the US East (N. Virginia) AWS Region. Audit Manager also stores a backup of the same snapshot in the US West (Oregon) AWS Region.
Audit Manager deletes the snapshot and the backup snapshot when one of the following events occurs:
+ The sender revokes the share request.
+ The recipient declines the share request.
+ The recipient encounters an error and doesn't successfully accept the share request.
+ The share request expires before the recipient responds to the request.
When a sender [resends a share request](https://docs.aws.amazon.com/audit-manager/latest/userguide/framework-sharing.html#framework-sharing-resend), the snapshot is replaced with an updated version that corresponds with the latest version of the custom framework.
When a recipient accepts a share request, the snapshot is replicated into their AWS account under the AWS Region that was specified in the share request.
**Shared framework versioning**
When you share a custom framework, Audit Manager creates an independent copy of that framework in the specified AWS account and Region. This means that you should keep in mind the following points:
+ The shared framework that a recipient accepts is a snapshot of the framework at the time of the share request creation. If you update the original custom framework after sending a share request, the request isn't automatically updated. To share the latest version of the updated framework, you can [resend the share request](https://docs.aws.amazon.com/audit-manager/latest/userguide/framework-sharing.html#framework-sharing-resend). The expiration date of this new snapshot is 120 days from the re-share date.
+ When you share a custom framework with another AWS account and then delete it from your framework library, the shared custom framework remains in the recipient's framework library.
+ When you share a custom framework to another AWS Region under your account and then delete that custom framework in the first AWS Region, the custom framework remains in the second Region.
+ When you delete a shared custom framework after accepting it, any custom controls that were replicated as part of the custom framework remain in your control library.
## Additional resources
+ [Sending request to share a custom framework in AWS Audit Manager](framework-sharing.md)
+ [Responding to share requests in AWS Audit Manager](responding-to-shared-framework-requests.md)
+ [Deleting share requests in AWS Audit Manager](deleting-shared-framework-requests.md)
+ [Troubleshooting framework issues](framework-issues.md)
# Sending request to share a custom framework in AWS Audit Manager
This tutorial describes how to share your custom frameworks across AWS accounts and AWS Regions.
When you share a custom framework, Audit Manager creates a snapshot of your framework and sends a share request to the recipient. The recipient has 120 days to accept the shared framework. When they accept, Audit Manager replicates the shared custom framework to their framework library in the specified AWS Region. If you want to replicate a custom framework to another Region under your own account, use the following tutorial and enter your own AWS account ID as the recipient account ID.
## Prerequisites
Before you start this tutorial, make sure that you first meet the following conditions:
+ You're familiar with Audit Manager [framework sharing concepts and terminology](https://docs.aws.amazon.com/audit-manager/latest/userguide/share-custom-framework-concepts-and-terminology.html).
+ The custom framework that you want to share is [eligible for sharing](https://docs.aws.amazon.com/audit-manager/latest/userguide/share-custom-framework-concepts-and-terminology.html#eligibility) and exists in the framework library of your AWS Audit Manager environment.
+ The recipient already enabled AWS Audit Manager in the AWS Region where you want to share the custom framework.
+ The recipient is not an AWS Organizations management account.
+ Your IAM identity has appropriate permissions to share a custom framework in AWS Audit Manager. Two suggested policies that grant these permissions are [AWSAuditManagerAdministratorAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSAuditManagerAdministratorAccess.html) and [Allow users management access to AWS Audit Manager](security_iam_id-based-policy-examples.md#management-access).
**Tip**
Before you start, make a note of the AWS account ID that you want to share your custom framework with. This can be your own account ID, if your goal is to replicate the framework to another AWS Region under your account. You need this information for step 2 of the tutorial.
## Procedure
**Topics**
+ [
### Step 1: Identify the custom framework that you want to share
](#framework-sharing-step-1)
+ [
### Step 2: Send a share request
](#framework-sharing-step-2)
+ [
### Step 3: View your sent requests
](#framework-sharing-step-3)
+ [
### Step 4 (Optional): Revoke the share request
](#framework-sharing-step-4)
### Step 1: Identify the custom framework that you want to share
Start by identifying the custom framework that you want to share. You can find a list of all available custom frameworks on the **Framework library** page in Audit Manager.
**Important**
Don’t share custom frameworks that contain sensitive data. This includes data found within the framework itself, its control sets, and any of the custom controls that comprise the custom framework. For more information, see [Framework eligibility](https://docs.aws.amazon.com/audit-manager/latest/userguide/share-custom-framework-concepts-and-terminology.html#eligibility).
**To view your available custom frameworks**
1. Open the AWS Audit Manager console at [https://console.aws.amazon.com/auditmanager/home](https://console.aws.amazon.com/auditmanager/home).
1. In the navigation pane, choose **Framework library**.
1. Choose the **Custom frameworks** tab. This displays a list of your available custom frameworks. You can choose any framework name to view the details of that custom framework.
### Step 2: Send a share request
Next, specify a recipient and send them a share request for the custom framework. The recipient has 120 days to respond to the share request before it expires.
**To send a share request**
1. From the **Custom frameworks** tab of the framework library, choose the name of a framework to open the detail page. From here, choose **Actions** and then choose **Share custom framework**.
+ Alternatively, select a custom framework from the list in the framework library, choose **Actions**, and then choose **Share custom framework**. Depending on the size of the custom framework, this method can take a few seconds while Audit Manager prepares the share request.
1. Review the notice that displays in the dialog box.
+ If you're unsure whether you can share your custom framework, review [Framework eligibility](https://docs.aws.amazon.com/audit-manager/latest/userguide/share-custom-framework-concepts-and-terminology.html#eligibility) for further guidance.
+ If your framework has controls that use custom AWS Config rules as a data source, we recommend that you contact the recipient to let them know. The recipient can then create and enable the same AWS Config rules in their instance of AWS Config. For more information, see [My shared framework has controls that use custom AWS Config rules as a data source. Can the recipient collect evidence for these controls?](framework-issues.md#framework-sharing-custom-config-rules).
1. Enter **agree** and then choose **Agree** to proceed.
1. On the next screen, follow these steps:
+ Under **AWS account**, enter the recipient’s account ID. This can be your own account ID.
+ Under **AWS Region**, select the recipient's Region from the dropdown list.
+ (Optional) Under **Message to recipient**, enter an optional comment about the custom framework that you're sharing.
+ Under **Custom framework details**, review the details to confirm that you want to share this framework.
1. Choose **Share**.
**Note**
Keep in mind the following points:
When you share a custom framework with another AWS account, the framework is replicated only to the specified AWS Region. After accepting the share request, the recipient can then replicate the framework across Regions as needed.
When sharing custom frameworks across AWS Regions, it can take up to 10 minutes to process share request actions. After sending a cross-Region share request, we recommend that you check back later to confirm that your share request was sent successfully.
When you send a share request, Audit Manager takes a snapshot of the custom framework at the time of the share request creation. If you update the custom framework after sending a share request, the request isn't automatically updated. To share the latest version of an updated framework, you can [resend the share request](https://docs.aws.amazon.com/audit-manager/latest/userguide/framework-sharing.html#framework-sharing-resend). The expiration date of this new snapshot is 120 days from the re-share date.
### Step 3: View your sent requests
You can select the **Sent requests** tab to see a list of all the share requests that you sent. You can filter this list as needed. For example, you can apply filters to display only requests that expire within the next 30 days.
**To view and filter your sent requests**
1. From the navigation pane, choose **Share requests**.
1. Choose the **Sent requests** tab.
1. (Optional) Apply filters to fine-tune which sent requests are visible. You can do this by finding the **All statuses** dropdown list, and changing the filter to one of the following.
[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/audit-manager/latest/userguide/framework-sharing.html)
**Note**
It can take up to 15 minutes to process a share request. As a result, if an error occurred when sending your share request to the recipient, the *Failed* status might not display immediately. We recommend that you check back later to confirm that your share request was sent successfully.
### Step 4 (Optional): Revoke the share request
If you need to cancel an active share request before it’s due to expire, you can revoke the request at any time. This step is optional. If you take no action, the recipient loses the ability to accept the share request after the expiration date.
**To revoke a share request**
1. From the navigation pane, choose **Share requests**.
1. Choose the **Sent requests** tab.
1. Select the framework that you want to revoke and choose **Revoke request**.
1. In the pop-up window that appears, choose **Revoke**.
**Note**
You can only revoke access to share requests that have a status of *Active* or *Expiring*. After a recipient accepts a share request, you can no longer revoke their access to that custom framework. This is because a copy of the custom framework now exists in the recipient’s framework library.
When sharing frameworks across AWS Regions, it can take up to 10 minutes to process share request actions. After revoking a cross-Region share request, we recommend that you check back later to confirm that the share request was revoked successfully.
## Next steps
### Resending a share request for an updated framework
You might send a share request for a custom framework and then update the same framework afterwards. If you do this, the share request isn't automatically updated to reflect the latest version of the framework. However, if its status is *active*, *shared*, or *expiring*, you can update an existing share request. To do this, you resend a new share request with the same set of details as the existing request. In the new share request, include the same custom framework ID, recipient account ID, and recipient AWS Region. You can also provide a new comment with the new share request.
Keep in mind the following when you resend a share request:
+ For the update to be successful, the new request must be for the same custom framework ID. It must also specify the same recipient account ID and Region as the existing request.
+ If the name of the custom framework has changed, the updated share request displays the latest name.
+ If you provide a new comment, the updated share request displays the latest comment.
+ When you resend a share request, the expiration date is extended by six months.
**To resend a share request for an updated framework**
1. From the **Custom frameworks** tab of the framework library, choose the name of the framework that you want to share. This opens the framework detail page.
1. Choose **Actions** and then choose **Share custom framework**.
1. Review the notice that displays in the dialog box, enter **agree**, and then choose **Agree** to proceed.
1. On the next screen, follow these steps:
+ Under **AWS account**, enter the same account ID that you specified in the existing share request.
+ Under **AWS Region**, select the same Region that you specified in the existing share request.
+ (Optional) Under **Message to recipient**, enter an optional comment about the updated custom framework.
+ Under **Custom framework details**, review the details to confirm that you want to resend the share request.
1. Choose **Share** to resend and update the share request.
## Additional resources
To find solutions to the issues that you might encounter when sharing a custom framework, see [Troubleshooting framework issues](framework-issues.md).
# Responding to share requests in AWS Audit Manager
This tutorial describes the actions to take when you receive a share request for a custom framework. Audit Manager notifies you when you receive a share request. You also receive a notification to remind you when a share request is due to expire in the next 30 days.
## Prerequisites
Before you get started, we recommend that you first learn more about Audit Manager [framework sharing concepts and terminology](https://docs.aws.amazon.com/audit-manager/latest/userguide/share-custom-framework-concepts-and-terminology.html).
## Procedure
**Topics**
+ [
### Step 1: Check your received request notifications
](#responding-to-shared-framework-requests-step-1)
+ [
### Step 2: Take action on the request
](#responding-to-shared-framework-requests-step-2)
+ [
### Step 3: View a history of your received requests
](#responding-to-shared-framework-requests-step-3)
### Step 1: Check your received request notifications
Start by checking your share request notifications. The **Received requests** tab displays a list of the share requests that you’ve received from other AWS accounts. Requests that are awaiting your response appear with a blue dot. You can also filter this view to display only requests that expire sometime within the next 30 days*.*
**To view received requests**
1. Open the AWS Audit Manager console at [https://console.aws.amazon.com/auditmanager/home](https://console.aws.amazon.com/auditmanager/home).
1. If you have a share request notification, Audit Manager displays a red dot next to the navigation menu icon.
![\[Screenshot of the minimized navigation menu icon with a notification.\]](http://docs.aws.amazon.com/audit-manager/latest/userguide/images/framework_sharing-navigation_minimized_notification-console.png)
1. Expand the navigation pane and look next to **Share requests**. A notification badge indicates the number of share requests that need your attention.
![\[Screenshot of the expanded navigation menu, with share requests highlighted and a notification badge.\]](http://docs.aws.amazon.com/audit-manager/latest/userguide/images/framework_sharing-navigation_expanded_notification-console.png)
1. Choose **Share requests**. By default, this page opens on the **Received requests** tab.
1. Identify the share requests that need your action by looking for items with a blue dot.
![\[Screenshot of a received request with a blue dot next to the framework name.\]](http://docs.aws.amazon.com/audit-manager/latest/userguide/images/framework_sharing-blue_dot_notification-console.png)
1. (Optional) To view only requests that expire in the next 30 days, find the **All statuses** dropdown list and select **Expiring**.
### Step 2: Take action on the request
To remove the blue notification dot, you need to take action by either accepting or declining the share request.
#### Accepting a shared framework
When you accept a share request, Audit Manager replicates a snapshot of the original framework into the custom frameworks tab of your framework library. Audit Manager replicates and encrypts the new custom framework using the KMS key that you specified in your [Audit Manager settings](https://docs.aws.amazon.com/audit-manager/latest/userguide/settings-KMS.html).
**To accept a share request**
1. Open the **Share requests** page and make sure that you're viewing the **Received requests** tab.
1. (Optional) Select **Active** or **Expiring** from the filter dropdown list.
1. (Optional) Choose a framework name to view the details of the share request. This includes information such as the framework description, the number of controls that are in the framework, and the message from the sender.
1. Select the share request that you want to accept, choose **Actions**, and then choose **Accept**.
After you accept a share request, the status changes to *replicating* while the shared custom framework is added to your framework library. If the framework contains custom controls, these controls are added to your control library at this time.
When the framework replication is complete, the status changes to *shared*. A success banner notifies you that the custom framework is ready to use.
**Tip**
When you accept a custom framework, it's replicated only to your current AWS Region. You might want the new shared framework to be available across all Regions in your AWS account. If so, after you accept the share request you can [share the framework](https://docs.aws.amazon.com/audit-manager/latest/userguide/framework-sharing.html) to other Regions under your account as needed.
#### Declining a shared framework
When you decline a share request, Audit Manager doesn’t add that custom framework to your framework library. However, a record of the declined share request remains in the **Received requests **tab, with a status of **Inactive**.
**To decline a share request**
1. Open the **Share requests** page and make sure that you're viewing the **Received requests** tab.
1. (Optional) Select **Active** or **Expiring** from the filter dropdown list.
1. (Optional) Choose a framework name to view the details of the share request. This includes information such as the framework description, the number of controls that are in the framework, and the message from the sender.
1. Select the share request that you want to decline, choose **Actions**, and then choose **Decline**.
1. In the dialog box that appears, choose **Decline** to confirm your choice.
**Tip**
If you change your mind and want access to a shared framework after you decline, ask the sender to send you a new share request.
**Note**
It can take up to 10 minutes to process share request actions when a framework is shared across AWS Regions. After taking action on a cross-Region share request, we recommend that you check back later to confirm that the share request was successfully accepted or declined.
### Step 3: View a history of your received requests
After you accept or decline a shared framework, you can return to the **Share requests** page to see your share request history. You can filter this list as needed. For example, you can apply filters to display only requests that you accepted.
**To view a history of your share requests **
1. Open the AWS Audit Manager console at [https://console.aws.amazon.com/auditmanager/home](https://console.aws.amazon.com/auditmanager/home).
1. In the left navigation pane, choose **Share requests**.
1. Choose the **Received requests** tab.
1. Find the **All statuses** dropdown list, and select one of the following filters:
[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/audit-manager/latest/userguide/responding-to-shared-framework-requests.html)
## Next steps
After you accept a shared custom framework, you can find it in the custom frameworks tab of the framework library. You can now use that framework to create an assessment. To learn more, see [Creating an assessment in AWS Audit Manager](create-assessments.md).
For instructions on how to edit your new custom framework, see [Editing a custom framework in AWS Audit Manager](edit-custom-frameworks.md).
## Additional resources
To find solutions to issues that you might encounter, see [Troubleshooting framework issues](framework-issues.md).
# Deleting share requests in AWS Audit Manager
When you no longer need a share request, you can delete it from your Audit Manager environment. This enables you to clean up your workspace and focus on the requests that are relevant to your current tasks and priorities.
When you delete a share request, only the request itself is deleted. The shared framework itself remains in your framework library.
## Prerequisites
The following procedure assumes that you have previously sent or received a share request. You can't delete share requests that have a status of *active* or *replicating*.
Make sure your IAM identity has appropriate permissions to delete a share request in AWS Audit Manager. Two suggested policies that grant these permissions are [AWSAuditManagerAdministratorAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSAuditManagerAdministratorAccess.html) and [Allow users management access to AWS Audit Manager](security_iam_id-based-policy-examples.md#management-access).
## Procedure
**To delete a share request**
1. From the navigation pane, choose **Share requests**.
1. Choose either the **Sent requests** or the **Received requests** tab.
1. Select the framework that you no longer want and choose **Delete**.
1. In the pop-up window that appears, choose **Delete**.
## Additional resources
To find solutions to issues that you might encounter, see [Troubleshooting framework issues](framework-issues.md).