AWS Audit Manager has introduced a common control library that simplifies the process of automating risk and compliance assessments against enterprise controls. This new library enables Governance, Risk, and Compliance (GRC) teams to efficiently map their controls into Audit Manager for evidence collection.
The new common control library provides pre-defined and pre-mapped AWS data sources, eliminating the need to identify which AWS resources to assess for various controls. It defines AWS-managed common controls based on extensive mapping and reviews by AWS certified auditors, determining the appropriate data sources for evidence collection. With this launch, Audit Manager will also deliver more evidence mappings for controls, including 140 newly supported API calls for additional evidence. You can customize and update all evidence mappings as appropriate for your objectives.
The library also reduces the need to implement different compliance standard requirements individually and review data multiple times across different compliance regimes. It identifies common requirements across controls, helping customers understand their audit readiness across multiple frameworks simultaneously.
As AWS Audit Manager updates or adds data sources (e.g., additional CloudTrail events or API calls, or newly launched AWS Config rules) or maps additional compliance frameworks to the common controls, customers automatically inherit these improvements. This removes the need for constant updating and provides the benefit of additional compliance frameworks added to the Audit Manager library.
Source:: Amazon AWS