Automating Audit Evidence Collection Natively in AWS
The AWS Audit Manager can help organize all of your audit and compliance evidence. This solution helps streamline the collection of non-AWS resource data points. More in this Twitter thread ๐.
probably not. tl:dr > it helps map your usage to various regulations & standards to give you a better idea of your risk & compliance posture
some thoughts & a blog post analysis ๐
๐งต #cloud #security
@marknca tweeted at 10-Mar-2022, 13:52
Tweet 2/8 ๐ Next tweet ๐ Start
๐งต #cloud #security
@marknca tweeted at 10-Mar-2022, 13:52
Tweet 3/8 ๐ Next tweet ๐ Start
https://aws.amazon.com/blogs/security/streamlining-evidence-collection-with-aws-audit-manager/
anything that helps smooth out the evidence gathering process is usually a big win, let’s dig in
๐งต #cloud #security
@marknca tweeted at 10-Mar-2022, 13:52
Tweet 4/8 ๐ Next tweet ๐ Start
this post shows how an approach to streamlining your custom metrics/data points
๐งต #cloud #security
@marknca tweeted at 10-Mar-2022, 13:52
Tweet 5/8 ๐ Next tweet ๐ Start
you setup an HTTPS endpoint via @awscloud API Gateway. that endpoint triggers a Lambda which then stores the evidence in S3 while also triggering a Step Function to process the evidence
it’s simple, #serverless, and low cost
๐งต #cloud #security
@marknca tweeted at 10-Mar-2022, 13:52
Tweet 6/8 ๐ Next tweet ๐ Start
@awscloud Audit Manager associated evidence to a Control within an Assessments
you need to know where this evidence belongs, in order to use this solution
๐งต #cloud #security
@marknca tweeted at 10-Mar-2022, 13:52
Tweet 7/8 ๐ Next tweet ๐ Start
and
https://docs.aws.amazon.com/audit-manager/latest/userguide/how-evidence-is-collected.html
๐งต #cloud #security
@marknca tweeted at 10-Mar-2022, 13:52
Tweet 8/8 ๐ Next tweet ๐ Start
streamlining the evidence/control/assessment alignment process would be a huge win & make this solution a lot more useful
/๐งต #cloud #security
@marknca tweeted at 10-Mar-2022, 13:52