Auditing is a continuous and ongoing process, and every audit includes the collection of evidence. The evidence gathered helps confirm the state of resources, and it’s used to demonstrate that the customer’s policies, procedures, and activities (controls) are in place, and that the control has been operational for a specified period of time. AWS Audit Manager already automates this evidence collection for AWS usage. However, large enterprise organizations that deploy their workloads across a range of locations such as cloud, on-premises, or a combination of both, manage this evidence data using a combination of third-party or homegrown tools, spreadsheets, and emails.
Today we’re excited to announce the integration of AWS Audit Manager with third-party Governance, Risk, and Compliance (GRC) provider MetricStream CyberGRC, an AWS Partner with GRC capabilities. This integration allows enterprises to manage compliance across AWS, on-premises, and other cloud environments in a centralized GRC environment.
Before this announcement, Audit Manager operated only in the AWS context, allowing customers to collect compliance evidence for resources in AWS. They would then relay that information to their GRC systems external to AWS for additional aggregation and analysis. This process left customers without an automated way to monitor and evaluate all compliance data in one centralized location, resulting in delays to compliance outcomes.
The GRC integration with Audit Manager allows you to use audit evidence collected by Audit Manager directly in MetricStream CyberGRC. Audit Manager now receives the controls in scope from MetricStream CyberGRC, collects evidence around these controls, and exports the data related to the audit into MetricStream CyberGRC for aggregation and analysis. You’ll now have aggregated compliance, real-time monitoring, and centralized reporting. This will reduce compliance fatigue and improve stakeholder collaboration.
How It Works
Using Amazon Cognito User Pools, you’ll be onboarded into the multi-tenant instance of MetricStream CyberGRC.
Once onboarded, you’ll be able to view AWS assets and frameworks inside MetricStream CyberGRC. You can then begin by choosing the appropriate Audit Manager framework to define the relationships between your existing enterprise controls and AWS controls. After creating this one-time control mapping, you can define the accounts in scope to create an assessment that MetricStream CyberGRC will manage in AWS Audit Manager on your behalf. This assessment triggers AWS Audit Manager to collect evidence in the context of the mapped controls. As a result, you get a unified view of compliance evidence inside your GRC application. Any standard controls that you have in Audit Manager will be provided to MetricStream CyberGRC by using the GetControl API, to facilitate the manual mapping process wherever automated mapping fails or doesn’t suffice. The EvidenceFinder API will send bulk evidence from Audit Manager to MetricStream CyberGRC.
Available Now
This feature is available today where Audit Manager (AWS Regions) and MetricStream CyberGRC are both available. There are no additional AWS Audit Manager charges for using this integration. To use this integration, please reach out to MetricStream for information about access and purchase of MetricStream CyberGRC software.
As part of the AWS Free Tier, AWS Audit Manager offers a free tier for first-time customers. The free tier will expire two calendar months after the first subscription. For more information, see AWS Audit Manager pricing. To learn more about AWS Audit Manager integration with MetricStream CyberGRC, see the Audit Manager documentation.