
AWS Audit Manager (Specialized; available since 2020)

A service that automates evidence collection and assessment for compliance audits

What It Does

AWS Audit Manager is a service that automates the collection of evidence needed for compliance audits of your AWS environment. It provides pre-built assessment templates aligned with industry-standard frameworks such as GDPR, PCI DSS, and SOC 2, and automatically collects and organizes relevant evidence from sources like AWS Config and CloudTrail. It dramatically reduces the manual effort required for audit preparation.

Use Cases

Used for automating evidence collection for annual SOC 2 and PCI DSS audits, continuously monitoring compliance with internal security policies, and efficiently preparing submission materials for audit firms. It is also used for centralized compliance management across multi-account environments.

Everyday Analogy

Think of it like an assistant for your company's internal audit department. The assistant (Audit Manager) automatically gathers the required documents (evidence) from each department and organizes them according to a checklist. Instead of running around collecting paperwork, auditors can focus on reviewing content and making judgments.

What Is AWS Audit Manager?

AWS Audit Manager is a managed service that streamlines compliance auditing for cloud environments. Traditionally, audit preparation required enormous manual effort such as taking screenshots and manually collecting logs. Audit Manager automates this evidence collection and organizes it according to assessment frameworks. Since it continuously collects data from various AWS services, you no longer need to scramble to prepare when audit season arrives.

Frameworks and Assessments

Audit Manager comes with pre-built templates for major compliance frameworks including GDPR, PCI DSS, SOC 2, and HIPAA. When you select a framework and start an assessment, evidence for each control is automatically collected from AWS Config rule evaluations, CloudTrail API activity, Security Hub findings, and more. You can also create custom frameworks, built from AWS-provided or custom controls, to address your organization's own audit criteria.

Evidence Management and Reporting

Collected evidence is organized by control, and the dashboard shows the state of each control and the overall assessment at a glance. Automated evidence from AWS Config and Security Hub carries its own compliant or non-compliant check result, but a person still reviews the evidence for each control and updates the control's status (for example from under review to reviewed, or inactive for controls that do not apply). Once the review is complete, you generate an assessment report that bundles the selected evidence, and Audit Manager writes it to an S3 bucket you designate, which you can configure for long-term retention before handing the report to the audit firm or internal audit team.

Things to Watch Out For

  • Audit Manager is priced per resource assessment; S3 storage for the exported assessment reports is billed separately
  • Automatically collected evidence is technical proof only; the final audit judgment still has to be made by a human reviewer
  • AWS Config and CloudTrail must already be enabled; without them, Config-rule and API-activity evidence cannot be collected, so the assessment will have gaps
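The following script is an added example written for this page, not code from AWS or from the original article. It walks through the two procedures described above: checking that the AWS Config recorder and a CloudTrail trail are actually running before an assessment is started, then selecting a standard framework and creating an assessment from it with the boto3 `auditmanager` client. The decision logic is kept in pure functions that take API response dictionaries, so it can be exercised offline with constructed responses; only `run_live()` talks to AWS. The framework name fragment, report bucket, role ARN and account ID are placeholders you must replace.

```python
"""Preflight check and assessment creation for AWS Audit Manager.

Added example for this page (not AWS's or the article's code). Assumes:
  - boto3 is installed and credentials are configured (only for run_live()),
  - Audit Manager has already been enabled in the account/region,
  - the report bucket and the PROCESS_OWNER role already exist.
"""
from __future__ import annotations


# ---- pure decision logic: no AWS calls, testable with constructed responses

def config_recording(status_resp: dict) -> bool:
    """True if at least one AWS Config recorder is on and not failing.

    status_resp has the shape of config.describe_configuration_recorder_status().
    """
    return any(
        r.get("recording") is True and str(r.get("lastStatus", "")).lower() != "failure"
        for r in status_resp.get("ConfigurationRecordersStatus", [])
    )


def cloudtrail_logging(trails_resp: dict, status_by_arn: dict) -> bool:
    """True if some trail is currently delivering logs.

    trails_resp has the shape of cloudtrail.describe_trails();
    status_by_arn maps TrailARN -> cloudtrail.get_trail_status() response.
    """
    for trail in trails_resp.get("trailList", []):
        if status_by_arn.get(trail.get("TrailARN"), {}).get("IsLogging") is True:
            return True
    return False


def pick_framework(list_resp: dict, name_fragment: str) -> dict | None:
    """Return the first framework whose name contains name_fragment (case-insensitive).

    list_resp has the shape of auditmanager.list_assessment_frameworks().
    """
    frag = name_fragment.lower()
    for fw in list_resp.get("frameworkMetadataList", []):
        if frag in fw.get("name", "").lower():
            return fw
    return None


def build_assessment_request(framework_id: str, name: str, account_id: str,
                             report_bucket: str, process_owner_role_arn: str) -> dict:
    """Build the keyword arguments for auditmanager.create_assessment().

    Only the account is put in scope: the service scope is managed by Audit
    Manager itself, so awsServices is deliberately not supplied.
    """
    return {
        "name": name,
        "description": "Created by the preflight example script",
        "frameworkId": framework_id,
        "assessmentReportsDestination": {
            "destinationType": "S3",
            "destination": f"s3://{report_bucket}",   # placeholder bucket
        },
        "scope": {"awsAccounts": [{"id": account_id}]},
        "roles": [{"roleType": "PROCESS_OWNER", "roleArn": process_owner_role_arn}],
    }


# ---- live path: the same logic driven by real API responses

def run_live(name: str, account_id: str, report_bucket: str,
             process_owner_role_arn: str, framework_fragment: str = "SOC 2") -> str:
    """Check prerequisites, then create the assessment. Returns the assessment ID."""
    import boto3  # imported here so the functions above run without boto3 installed

    cfg = boto3.client("config")
    ct = boto3.client("cloudtrail")
    am = boto3.client("auditmanager")

    if not config_recording(cfg.describe_configuration_recorder_status()):
        raise RuntimeError("AWS Config is not recording: Config-rule evidence would be missing")

    trails = ct.describe_trails()
    status = {t["TrailARN"]: ct.get_trail_status(Name=t["TrailARN"])
              for t in trails.get("trailList", [])}
    if not cloudtrail_logging(trails, status):
        raise RuntimeError("No CloudTrail trail is logging: API-activity evidence would be missing")

    # Page through the standard frameworks until the requested one is found.
    kwargs = {"frameworkType": "Standard"}
    framework = None
    while framework is None:
        page = am.list_assessment_frameworks(**kwargs)
        framework = pick_framework(page, framework_fragment)
        if framework is None and page.get("nextToken"):
            kwargs["nextToken"] = page["nextToken"]
        elif framework is None:
            raise RuntimeError(f"No standard framework matching {framework_fragment!r}")

    resp = am.create_assessment(**build_assessment_request(
        framework["id"], name, account_id, report_bucket, process_owner_role_arn))
    return resp["assessment"]["metadata"]["id"]


if __name__ == "__main__":
    # Placeholder values; replace before running against a real account.
    print(run_live("SOC 2 annual assessment", "123456789012",
                   "my-audit-reports", "arn:aws:iam::123456789012:role/AuditProcessOwner"))
```

Keeping the checks separate from the API calls is deliberate: the two failure modes the page warns about (Config off, CloudTrail not logging) are caught before any assessment is created, and the matching logic can be unit-tested against recorded responses without credentials.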