String arn
The Amazon Resource Name (ARN) of the assessment.
AWSAccount awsAccount
The Amazon Web Services account that's associated with the assessment.
AssessmentMetadata metadata
The metadata for the assessment.
AssessmentFramework framework
The framework that the assessment was created from.
Map<K,V> tags
The tags that are associated with the assessment.
String id
The identifier for the control.
String name
The name of the control.
String description
The description of the control.
String status
The status of the control.
String response
The response of the control.
List<E> comments
The list of comments that's attached to the control.
List<E> evidenceSources
The list of data sources for the evidence.
Integer evidenceCount
The amount of evidence that's collected for the control.
Integer assessmentReportEvidenceCount
The amount of evidence in the assessment report.
String id
The identifier of the control set in the assessment. This is the control set name in a plain string format.
String description
The description for the control set.
String status
The current status of the control set.
List<E> roles
The roles that are associated with the control set.
List<E> controls
The list of controls that's contained within the control set.
List<E> delegations
The delegations that are associated with the control set.
Integer systemEvidenceCount
The total number of evidence objects that are retrieved automatically for the control set.
Integer manualEvidenceCount
The total number of evidence objects that are uploaded manually to the control set.
String name
The name of the evidence folder.
Date date
The date when the first evidence was added to the evidence folder.
String assessmentId
The identifier for the assessment.
String controlSetId
The identifier for the control set.
String controlId
The unique identifier for the control.
String id
The identifier for the folder that the evidence is stored in.
String dataSource
The Amazon Web Service that the evidence was collected from.
String author
The name of the user who created the evidence folder.
Integer totalEvidence
The total amount of evidence in the evidence folder.
Integer assessmentReportSelectionCount
The total count of evidence that's included in the assessment report.
String controlName
The name of the control.
Integer evidenceResourcesIncludedCount
The amount of evidence that's included in the evidence folder.
Integer evidenceByTypeConfigurationDataCount
The number of evidence items that fall under the configuration data category. This evidence is collected from configuration snapshots of other Amazon Web Services such as Amazon EC2, Amazon S3, or IAM.
Integer evidenceByTypeManualCount
The number of evidence items that fall under the manual category. This evidence is imported manually.
Integer evidenceByTypeComplianceCheckCount
The number of evidence items that fall under the compliance check category. This evidence is collected from Config or Security Hub.
Integer evidenceByTypeComplianceCheckIssuesCount
The total number of issues that were reported directly from Security Hub, Config, or both.
Integer evidenceByTypeUserActivityCount
The number of evidence items that fall under the user activity category. This evidence is collected from CloudTrail logs.
Integer evidenceAwsServiceSourceCount
The total number of Amazon Web Services resources that were assessed to generate the evidence.
String id
The unique identifier for the framework.
String arn
The Amazon Resource Name (ARN) of the framework.
FrameworkMetadata metadata
List<E> controlSets
The control sets that are associated with the framework.
String arn
The Amazon Resource Name (ARN) of the framework.
String id
The unique identifier for the framework.
String type
The framework type, such as a standard framework or a custom framework.
String name
The name of the framework.
String description
The description of the framework.
String logo
The logo that's associated with the framework.
String complianceType
The compliance type that the new custom framework supports, such as CIS or HIPAA.
Integer controlsCount
The number of controls that are associated with the framework.
Integer controlSetsCount
The number of control sets that are associated with the framework.
Date createdAt
The time when the framework was created.
Date lastUpdatedAt
The time when the framework was most recently updated.
String id
The unique identifier for the share request.
String frameworkId
The unique identifier for the shared custom framework.
String frameworkName
The name of the custom framework that the share request is for.
String frameworkDescription
The description of the shared custom framework.
String status
The status of the share request.
String sourceAccount
The Amazon Web Services account of the sender.
String destinationAccount
The Amazon Web Services account of the recipient.
String destinationRegion
The Amazon Web Services Region of the recipient.
Date expirationTime
The time when the share request expires.
Date creationTime
The time when the share request was created.
Date lastUpdated
Specifies when the share request was last updated.
String comment
An optional comment from the sender about the share request.
Integer standardControlsCount
The number of standard controls that are part of the shared custom framework.
Integer customControlsCount
The number of custom controls that are part of the shared custom framework.
String complianceType
The compliance type that the shared custom framework supports, such as CIS or HIPAA.
String name
The name of the assessment.
String id
The unique identifier for the assessment.
String description
The description of the assessment.
String complianceType
The name of the compliance standard that's related to the assessment, such as PCI-DSS.
String status
The overall status of the assessment.
AssessmentReportsDestination assessmentReportsDestination
The destination that evidence reports are stored in for the assessment.
Scope scope
The wrapper of Amazon Web Services accounts and services that are in scope for the assessment.
List<E> roles
The roles that are associated with the assessment.
List<E> delegations
The delegations that are associated with the assessment.
Date creationTime
Specifies when the assessment was created.
Date lastUpdated
The time of the most recent update.
String name
The name of the assessment.
String id
The unique identifier for the assessment.
String complianceType
The name of the compliance standard that's related to the assessment, such as PCI-DSS.
String status
The current status of the assessment.
List<E> roles
The roles that are associated with the assessment.
List<E> delegations
The delegations that are associated with the assessment.
Date creationTime
Specifies when the assessment was created.
Date lastUpdated
The time of the most recent update.
String id
The unique identifier for the assessment report.
String name
The name that's given to the assessment report.
String description
The description of the specified assessment report.
String awsAccountId
The identifier for the specified Amazon Web Services account.
String assessmentId
The identifier for the specified assessment.
String assessmentName
The name of the associated assessment.
String author
The name of the user who created the assessment report.
String status
The current status of the specified assessment report.
Date creationTime
Specifies when the assessment report was created.
String id
The unique identifier for the assessment report.
String name
The name of the assessment report.
String description
The description of the assessment report.
String assessmentId
The unique identifier for the associated assessment.
String assessmentName
The name of the associated assessment.
String author
The name of the user who created the assessment report.
String status
The current status of the assessment report.
Date creationTime
Specifies when the assessment report was created.
String serviceName
The name of the Amazon Web Service.
CreateDelegationRequest createDelegationRequest
The API request to batch create delegations in Audit Manager.
String errorCode
The error code that the BatchCreateDelegationByAssessment API returned.
String errorMessage
The error message that the BatchCreateDelegationByAssessment API returned.
ManualEvidence manualEvidence
Manual evidence that can't be collected automatically by Audit Manager.
String errorCode
The error code that the BatchImportEvidenceToAssessmentControl API returned.
String errorMessage
The error message that the BatchImportEvidenceToAssessmentControl API returned.
String objectType
The object that was changed, such as an assessment, control, or control set.
String objectName
The name of the object that changed. This could be the name of an assessment, control, or control set.
String action
The action that was performed.
Date createdAt
The time when the action was performed and the changelog record was created.
String createdBy
The user or role that performed the action.
String arn
The Amazon Resource Name (ARN) of the control.
String id
The unique identifier for the control.
String type
Specifies whether the control is a standard control or a custom control.
String name
The name of the control.
String description
The description of the control.
String testingInformation
The steps that you should follow to determine if the control has been satisfied.
String actionPlanTitle
The title of the action plan for remediating the control.
String actionPlanInstructions
The recommended actions to carry out if the control isn't fulfilled.
String controlSources
The data source types that determine where Audit Manager collects evidence from for the control.
List<E> controlMappingSources
The data mapping sources for the control.
Date createdAt
The time when the control was created.
Date lastUpdatedAt
The time when the control was most recently updated.
String createdBy
The user or role that created the control.
String lastUpdatedBy
The user or role that most recently updated the control.
Map<K,V> tags
The tags associated with the control.
String state
The state of the control. The END_OF_SUPPORT state is applicable to standard controls only. This
state indicates that the standard control can still be used to collect evidence, but Audit Manager is no longer
updating or maintaining that control.
String name
The name of the control domain.
String id
The unique identifier for the control domain. Audit Manager supports the control domains that are provided by
Amazon Web Services Control Catalog. For information about how to find a list of available control domains, see
ListDomains in the Amazon Web Services Control Catalog API Reference.
Integer controlsCountByNoncompliantEvidence
The number of controls in the control domain that collected non-compliant evidence on the
lastUpdated date.
Integer totalControlsCount
The total number of controls in the control domain.
EvidenceInsights evidenceInsights
A breakdown of the compliance check status for the evidence that’s associated with the control domain.
Date lastUpdated
The time when the control domain insights were last updated.
String name
The name of the assessment control.
String id
The unique identifier for the assessment control.
EvidenceInsights evidenceInsights
A breakdown of the compliance check status for the evidence that’s associated with the assessment control.
String controlSetName
The name of the control set that the assessment control belongs to.
Date lastUpdated
The time when the assessment control insights were last updated.
String name
The name of the control.
String id
The unique identifier for the control.
EvidenceInsights evidenceInsights
A breakdown of the compliance check status for the evidence that’s associated with the control.
Date lastUpdated
The time when the control insights were last updated.
String sourceId
The unique identifier for the source.
String sourceName
The name of the source.
String sourceDescription
The description of the source.
String sourceSetUpOption
The setup option for the data source. This option reflects if the evidence collection method is automated or
manual. If you don’t provide a value for sourceSetUpOption, Audit Manager automatically infers and
populates the correct value based on the sourceType that you specify.
String sourceType
Specifies which type of data source is used to collect evidence.
The source can be an individual data source type, such as AWS_Cloudtrail, AWS_Config,
AWS_Security_Hub, AWS_API_Call, or MANUAL.
The source can also be a managed grouping of data sources, such as a Core_Control or a
Common_Control.
SourceKeyword sourceKeyword
String sourceFrequency
Specifies how often evidence is collected from the control mapping source.
String troubleshootingText
The instructions for troubleshooting the control.
String arn
The Amazon Resource Name (ARN) of the control.
String id
The unique identifier for the control.
String name
The name of the control.
String controlSources
The data source that determines where Audit Manager collects evidence from for the control.
Date createdAt
The time when the control was created.
Date lastUpdatedAt
The time when the control was most recently updated.
String id
The unique identifier of the control.
String name
The name of the new custom framework.
String description
An optional description for the new custom framework.
String complianceType
The compliance type that the new custom framework supports, such as CIS or HIPAA.
List<E> controlSets
The control sets that are associated with the framework.
Map<K,V> tags
The tags that are associated with the framework.
Framework framework
The name of the new framework that the CreateAssessmentFramework API returned.
String name
The name of the new assessment report.
String description
The description of the assessment report.
String assessmentId
The identifier for the assessment.
String queryStatement
A SQL statement that represents an evidence finder query.
Provide this parameter when you want to generate an assessment report from the results of an evidence finder search query. When you use this parameter, Audit Manager generates a one-time report using only the evidence from the query output. This report does not include any assessment evidence that was manually added to a report using the console, or associated with a report using the API.
To use this parameter, the enablementStatus of evidence finder must be ENABLED.
For examples and help resolving queryStatement validation exceptions, see Troubleshooting evidence finder issues in the Audit Manager User Guide.
AssessmentReport assessmentReport
The new assessment report that the CreateAssessmentReport API returned.
String name
The name of the assessment to be created.
String description
The optional description of the assessment to be created.
AssessmentReportsDestination assessmentReportsDestination
The assessment report storage destination for the assessment that's being created.
Scope scope
List<E> roles
The list of roles for the assessment.
String frameworkId
The identifier for the framework that the assessment will be created from.
Map<K,V> tags
The tags that are associated with the assessment.
Assessment assessment
String sourceName
The name of the control mapping data source.
String sourceDescription
The description of the data source that determines where Audit Manager collects evidence from for the control.
String sourceSetUpOption
The setup option for the data source. This option reflects if the evidence collection method is automated or
manual. If you don’t provide a value for sourceSetUpOption, Audit Manager automatically infers and
populates the correct value based on the sourceType that you specify.
String sourceType
Specifies which type of data source is used to collect evidence.
The source can be an individual data source type, such as AWS_Cloudtrail, AWS_Config,
AWS_Security_Hub, AWS_API_Call, or MANUAL.
The source can also be a managed grouping of data sources, such as a Core_Control or a
Common_Control.
SourceKeyword sourceKeyword
String sourceFrequency
Specifies how often evidence is collected from the control mapping source.
String troubleshootingText
The instructions for troubleshooting the control.
String name
The name of the control.
String description
The description of the control.
String testingInformation
The steps to follow to determine if the control is satisfied.
String actionPlanTitle
The title of the action plan for remediating the control.
String actionPlanInstructions
The recommended actions to carry out if the control isn't fulfilled.
List<E> controlMappingSources
The data mapping sources for the control.
Map<K,V> tags
The tags that are associated with the control.
Control control
The new control that the CreateControl API returned.
String comment
A comment that's related to the delegation request.
String controlSetId
The unique identifier for the control set.
String roleArn
The Amazon Resource Name (ARN) of the IAM role.
String roleType
The type of customer persona.
In CreateAssessment, roleType can only be PROCESS_OWNER.
In UpdateSettings, roleType can only be PROCESS_OWNER.
In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
String id
The unique identifier for the delegation.
String assessmentName
The name of the assessment that's associated with the delegation.
String assessmentId
The identifier for the assessment that's associated with the delegation.
String status
The status of the delegation.
String roleArn
The Amazon Resource Name (ARN) of the IAM role.
String roleType
The type of customer persona.
In CreateAssessment, roleType can only be PROCESS_OWNER.
In UpdateSettings, roleType can only be PROCESS_OWNER.
In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
Date creationTime
Specifies when the delegation was created.
Date lastUpdated
Specifies when the delegation was last updated.
String controlSetId
The identifier for the control set that's associated with the delegation.
String comment
The comment that's related to the delegation.
String createdBy
The user or role that created the delegation.
String id
The unique identifier for the delegation.
String assessmentName
The name of the associated assessment.
String assessmentId
The unique identifier for the assessment.
String status
The current status of the delegation.
String roleArn
The Amazon Resource Name (ARN) of the IAM role.
Date creationTime
Specifies when the delegation was created.
String controlSetName
Specifies the name of the control set that was delegated for review.
String frameworkId
The identifier for the custom framework.
String assessmentId
The identifier for the assessment.
String controlId
The unique identifier for the control.
String status
The registration status of the account.
String adminAccountId
The identifier for the administrator account.
String deleteResources
Specifies which Audit Manager data will be deleted when you deregister Audit Manager.
If you set the value to ALL, all of your data is deleted within seven days of deregistration.
If you set the value to DEFAULT, none of your data is deleted at the time of deregistration.
However, keep in mind that the Audit Manager data retention policy still applies. As a result, any evidence data
will be deleted two years after its creation date. Your other Audit Manager resources will continue to exist
indefinitely.
String dataSource
The data source where the evidence was collected from.
String evidenceAwsAccountId
The identifier for the Amazon Web Services account.
Date time
The timestamp that represents when the evidence was collected.
String eventSource
The Amazon Web Service that the evidence is collected from.
String eventName
The name of the evidence event.
String evidenceByType
The type of automated evidence.
List<E> resourcesIncluded
The list of resources that are assessed to generate the evidence.
Map<K,V> attributes
The names and values that are used by the evidence event. This includes an attribute name (such as
allowUsersToChangePassword) and value (such as true or false).
String iamId
The unique identifier for the user or role that's associated with the evidence.
String complianceCheck
The evaluation status for automated evidence that falls under the compliance check category.
Audit Manager classes evidence as non-compliant if Security Hub reports a Fail result, or if Config reports a Non-compliant result.
Audit Manager classes evidence as compliant if Security Hub reports a Pass result, or if Config reports a Compliant result.
If a compliance check isn't available or applicable, then no compliance evaluation can be made for that evidence. This is the case if the evidence uses Config or Security Hub as the underlying data source type, but those services aren't enabled. This is also the case if the evidence uses an underlying data source type that doesn't support compliance checks (such as manual evidence, Amazon Web Services API calls, or CloudTrail).
String awsOrganization
The Amazon Web Services account that the evidence is collected from, and its organization path.
String awsAccountId
The identifier for the Amazon Web Services account.
String evidenceFolderId
The identifier for the folder that the evidence is stored in.
String id
The identifier for the evidence.
String assessmentReportSelection
Specifies whether the evidence is included in the assessment report.
String eventDataStoreArn
The Amazon Resource Name (ARN) of the CloudTrail Lake event data store that’s used by evidence finder. The event data store is the lake of evidence data that evidence finder runs queries against.
String enablementStatus
The current status of the evidence finder feature and the related event data store.
ENABLE_IN_PROGRESS means that you requested to enable evidence finder. An event data store is
currently being created to support evidence finder queries.
ENABLED means that an event data store was successfully created and evidence finder is enabled. We
recommend that you wait 7 days until the event data store is backfilled with your past two years’ worth of
evidence data. You can use evidence finder in the meantime, but not all data might be available until the
backfill is complete.
DISABLE_IN_PROGRESS means that you requested to disable evidence finder, and your request is pending
the deletion of the event data store.
DISABLED means that you have permanently disabled evidence finder and the event data store has been
deleted. You can't re-enable evidence finder after this point.
String backfillStatus
The current status of the evidence data backfill process.
The backfill starts after you enable evidence finder. During this task, Audit Manager populates an event data store with your past two years’ worth of evidence data so that your evidence can be queried.
NOT_STARTED means that the backfill hasn’t started yet.
IN_PROGRESS means that the backfill is in progress. This can take up to 7 days to complete,
depending on the amount of evidence data.
COMPLETED means that the backfill is complete. All of your past evidence is now queryable.
String error
Represents any errors that occurred when enabling or disabling evidence finder.
Integer noncompliantEvidenceCount
The number of compliance check evidence items that Audit Manager classified as non-compliant. This includes evidence that was collected from Security Hub with a Fail ruling, or collected from Config with a Non-compliant ruling.
Integer compliantEvidenceCount
The number of compliance check evidence items that Audit Manager classified as compliant. This includes evidence that was collected from Security Hub with a Pass ruling, or collected from Config with a Compliant ruling.
Integer inconclusiveEvidenceCount
The number of evidence items that a compliance check ruling isn't available for. Evidence is inconclusive when the associated control uses Security Hub or Config as a data source but you didn't enable those services. This is also the case when a control uses a data source that doesn’t support compliance checks (for example, manual evidence, API calls, or CloudTrail).
If evidence has a compliance check status of not applicable in the console, it's classified as
inconclusive in EvidenceInsights data.
String arn
The Amazon Resource Name (ARN) of the framework.
String id
The unique identifier for the framework.
String name
The name of the framework.
String type
Specifies whether the framework is a standard framework or a custom framework.
String complianceType
The compliance type that the framework supports, such as CIS or HIPAA.
String description
The description of the framework.
String logo
The logo that's associated with the framework.
String controlSources
The control data sources where Audit Manager collects evidence from.
List<E> controlSets
The control sets that are associated with the framework.
Date createdAt
The time when the framework was created.
Date lastUpdatedAt
The time when the framework was most recently updated.
String createdBy
The user or role that created the framework.
String lastUpdatedBy
The user or role that most recently updated the framework.
Map<K,V> tags
The tags that are associated with the framework.
String name
The name of the framework.
String description
The description of the framework.
String logo
The logo that's associated with the framework.
String complianceType
The compliance standard that's associated with the framework. For example, this could be PCI DSS or HIPAA.
String status
The status of the Amazon Web Services account.
String frameworkId
The identifier for the framework.
Framework framework
The framework that the GetAssessmentFramework API returned.
URL preSignedUrl
String assessmentId
The unique identifier for the assessment.
Assessment assessment
Role userRole
String assessmentId
The unique identifier for the assessment.
String controlSetId
The unique identifier for the control set.
String controlId
The unique identifier for the control.
String nextToken
The pagination token that's used to fetch the next set of results.
Integer maxResults
Represents the maximum number of results on a page or for an API request call.
String controlId
The identifier for the control.
Control control
The details of the control that the GetControl API returned.
String assessmentId
The identifier for the assessment.
String controlSetId
The identifier for the control set.
String evidenceFolderId
The unique identifier for the folder that the evidence is stored in.
String nextToken
The pagination token that's used to fetch the next set of results.
Integer maxResults
Represents the maximum number of results on a page or for an API request call.
String fileName
The file that you want to upload. For a list of supported file formats, see Supported file types for manual evidence in the Audit Manager User Guide.
AssessmentEvidenceFolder evidenceFolder
The folder that the evidence is stored in.
String assessmentId
The identifier for the assessment.
String controlSetId
The identifier for the control set.
String controlId
The identifier for the control.
String nextToken
The pagination token that's used to fetch the next set of results.
Integer maxResults
Represents the maximum number of results on a page or for an API request call.
String assessmentId
The unique identifier for the assessment.
String controlSetId
The unique identifier for the control set.
String evidenceFolderId
The unique identifier for the folder that the evidence is stored in.
String evidenceId
The unique identifier for the evidence.
Evidence evidence
The evidence that the GetEvidence API returned.
String assessmentId
The unique identifier for the assessment.
InsightsByAssessment insights
The assessment analytics data that the GetInsightsByAssessment API returned.
Insights insights
The analytics data that the GetInsights API returned.
String attribute
The list of setting attribute enum values.
Settings settings
The settings object that holds all supported Audit Manager settings.
Integer activeAssessmentsCount
The number of active assessments in Audit Manager.
Integer noncompliantEvidenceCount
The number of compliance check evidence items that Audit Manager classified as non-compliant on the
lastUpdated date. This includes evidence that was collected from Security Hub with a Fail
ruling, or collected from Config with a Non-compliant ruling.
Integer compliantEvidenceCount
The number of compliance check evidence items that Audit Manager classified as compliant on the
lastUpdated date. This includes evidence that was collected from Security Hub with a Pass
ruling, or collected from Config with a Compliant ruling.
Integer inconclusiveEvidenceCount
The number of evidence items without a compliance check ruling. Evidence is inconclusive when the associated control uses Security Hub or Config as a data source but you didn't enable those services. This is also the case when a control uses a data source that doesn’t support compliance checks (for example: manual evidence, API calls, or CloudTrail).
If evidence has a compliance check status of not applicable, it's classed as inconclusive in
Insights data.
Integer assessmentControlsCountByNoncompliantEvidence
The number of assessment controls that collected non-compliant evidence on the lastUpdated date.
Integer totalAssessmentControlsCount
The total number of controls across all active assessments.
Date lastUpdated
The time when the cross-assessment insights were last updated.
Integer noncompliantEvidenceCount
The number of compliance check evidence items that Audit Manager classified as non-compliant. This includes evidence that was collected from Security Hub with a Fail ruling, or collected from Config with a Non-compliant ruling.
Integer compliantEvidenceCount
The number of compliance check evidence items that Audit Manager classified as compliant. This includes evidence that was collected from Security Hub with a Pass ruling, or collected from Config with a Compliant ruling.
Integer inconclusiveEvidenceCount
The amount of evidence without a compliance check ruling. Evidence is inconclusive if the associated control uses Security Hub or Config as a data source and you didn't enable those services. This is also the case if a control uses a data source that doesn’t support compliance checks (for example, manual evidence, API calls, or CloudTrail).
If evidence has a compliance check status of not applicable, it's classified as inconclusive in
InsightsByAssessment data.
Integer assessmentControlsCountByNoncompliantEvidence
The number of assessment controls that collected non-compliant evidence on the lastUpdated date.
Integer totalAssessmentControlsCount
The total number of controls in the assessment.
Date lastUpdated
The time when the assessment insights were last updated.
String controlDomainId
The unique identifier for the control domain.
Audit Manager supports the control domains that are provided by Amazon Web Services Control Catalog. For
information about how to find a list of available control domains, see
ListDomains in the Amazon Web Services Control Catalog API Reference.
String assessmentId
The unique identifier for the active assessment.
String nextToken
The pagination token that's used to fetch the next set of results.
Integer maxResults
Represents the maximum number of results on a page or for an API request call.
String requestType
Specifies whether the share request is a sent request or a received request.
String nextToken
The pagination token that's used to fetch the next set of results.
Integer maxResults
Represents the maximum number of results on a page or for an API request call.
String frameworkType
The type of framework, such as a standard framework or a custom framework.
String nextToken
The pagination token that's used to fetch the next set of results.
Integer maxResults
Represents the maximum number of results on a page or for an API request call.
String controlDomainId
The unique identifier for the control domain.
Audit Manager supports the control domains that are provided by Amazon Web Services Control Catalog. For information about how to find a list of available control domains, see ListDomains in the Amazon Web Services Control Catalog API Reference.
String nextToken
The pagination token that's used to fetch the next set of results.
Integer maxResults
Represents the maximum number of results on a page or for an API request call.
String controlType
A filter that narrows the list of controls to a specific type.
String nextToken
The pagination token that's used to fetch the next set of results.
Integer maxResults
The maximum number of results on a page or for an API request call.
String controlCatalogId
A filter that narrows the list of controls to a specific resource from the Amazon Web Services Control Catalog.
To use this parameter, specify the ARN of the Control Catalog resource. You can specify either a control domain, a control objective, or a common control. For information about how to find the ARNs for these resources, see ListDomains, ListObjectives, and ListCommonControls.
You can only filter by one Control Catalog resource at a time. Specifying multiple resource ARNs isn’t currently supported. If you want to filter by more than one ARN, we recommend that you run the ListControls operation separately for each ARN.
Alternatively, specify UNCATEGORIZED to list controls that aren't mapped to a Control Catalog resource. For example, this operation might return a list of custom controls that don't belong to any control domain or control objective.
String resourceArn
The Amazon Resource Name (ARN) of the resource.
String s3ResourcePath
The S3 URL of the object that's imported as manual evidence.
String textResponse
The plain text response that's entered and saved as manual evidence.
String evidenceFileName
The name of the file that's uploaded as manual evidence. This name is populated using the evidenceFileName value from the GetEvidenceFileUploadUrl API response.
String id
The unique identifier for the notification.
String assessmentId
The identifier for the assessment.
String assessmentName
The name of the related assessment.
String controlSetId
The identifier for the control set.
String controlSetName
Specifies the name of the control set that the notification is about.
String description
The description of the notification.
Date eventTime
The time when the notification was sent.
String source
The sender of the notification.
String status
The status of the account registration request.
String adminAccountId
The identifier for the delegated administrator account.
String arn
The Amazon Resource Name (ARN) for the resource.
String value
The value of the resource.
String complianceCheck
The evaluation status for a resource that was assessed when collecting compliance check evidence.
Audit Manager classes the resource as non-compliant if Security Hub reports a Fail result, or if Config reports a Non-compliant result.
Audit Manager classes the resource as compliant if Security Hub reports a Pass result, or if Config reports a Compliant result.
If a compliance check isn't available or applicable, then no compliance evaluation can be made for that resource. This is the case if a resource assessment uses Config or Security Hub as the underlying data source type, but those services aren't enabled. This is also the case if the resource assessment uses an underlying data source type that doesn't support compliance checks (such as manual evidence, Amazon Web Services API calls, or CloudTrail).
String roleType
The type of customer persona.
In CreateAssessment, roleType can only be PROCESS_OWNER.
In UpdateSettings, roleType can only be PROCESS_OWNER.
In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
String roleArn
The Amazon Resource Name (ARN) of the IAM role.
List<E> awsAccounts
The Amazon Web Services accounts that are included in the scope of the assessment.
List<E> awsServices
The Amazon Web Services services that are included in the scope of the assessment.
This API parameter is no longer supported. If you use this parameter to specify one or more Amazon Web Services, Audit Manager ignores this input. Instead, the value for awsServices will show as empty.
String name
The name of the Amazon Web Service.
String displayName
The display name of the Amazon Web Service.
String description
The description of the Amazon Web Service.
String category
The category that the Amazon Web Service belongs to, such as compute, storage, or database.
Boolean isAwsOrgEnabled
Specifies whether Organizations is enabled.
String snsTopic
The designated Amazon Simple Notification Service (Amazon SNS) topic.
AssessmentReportsDestination defaultAssessmentReportsDestination
The default S3 destination bucket for storing assessment reports.
List<E> defaultProcessOwners
The designated default audit owners.
String kmsKey
The KMS key details.
EvidenceFinderEnablement evidenceFinderEnablement
The current evidence finder status and event data store details.
DeregistrationPolicy deregistrationPolicy
The deregistration policy for your Audit Manager data. You can use this attribute to determine how your data is handled when you deregister Audit Manager.
DefaultExportDestination defaultExportDestination
The default S3 destination bucket for storing evidence finder exports.
String keywordInputType
The input method for the keyword.
SELECT_FROM_LIST is used when mapping a data source for automated evidence.
When keywordInputType is SELECT_FROM_LIST, a keyword must be selected to collect automated evidence. For example, this keyword can be a CloudTrail event name, a rule name for Config, a Security Hub control, or the name of an Amazon Web Services API call.
UPLOAD_FILE and INPUT_TEXT are only used when mapping a data source for manual evidence.
When keywordInputType is UPLOAD_FILE, a file must be uploaded as manual evidence.
When keywordInputType is INPUT_TEXT, text must be entered as manual evidence.
String keywordValue
The value of the keyword that's used when mapping a control data source. For example, this can be a CloudTrail event name, a rule name for Config, a Security Hub control, or the name of an Amazon Web Services API call.
If you’re mapping a data source to a rule in Config, the keywordValue that you specify depends on the type of rule:
For managed rules, you can use the rule identifier as the keywordValue. You can find the rule identifier from the list of Config managed rules. For some rules, the rule identifier is different from the rule name. For example, the rule name restricted-ssh has the following rule identifier: INCOMING_SSH_DISABLED. Make sure to use the rule identifier, not the rule name.
Keyword example for managed rules:
Managed rule name: s3-bucket-acl-prohibited
keywordValue: S3_BUCKET_ACL_PROHIBITED
For custom rules, you form the keywordValue by adding the Custom_ prefix to the rule name. This prefix distinguishes the custom rule from a managed rule.
Keyword example for custom rules:
Custom rule name: my-custom-config-rule
keywordValue: Custom_my-custom-config-rule
For service-linked rules, you form the keywordValue by adding the Custom_ prefix to the rule name. In addition, you remove the suffix ID that appears at the end of the rule name.
Keyword examples for service-linked rules:
Service-linked rule name: CustomRuleForAccount-conformance-pack-szsm1uv0w
keywordValue: Custom_CustomRuleForAccount-conformance-pack
Service-linked rule name: OrgConfigRule-s3-bucket-versioning-enabled-dbgzf8ba
keywordValue: Custom_OrgConfigRule-s3-bucket-versioning-enabled
The keywordValue is case sensitive. If you enter a value incorrectly, Audit Manager might not recognize the data source mapping. As a result, you might not successfully collect evidence from that data source as intended.
Keep in mind the following requirements, depending on the data source type that you're using.
For Config:
For managed rules, make sure that the keywordValue is the rule identifier in ALL_CAPS_WITH_UNDERSCORES. For example, CLOUDWATCH_LOG_GROUP_ENCRYPTED. For accuracy, we recommend that you reference the list of supported Config managed rules.
For custom rules, make sure that the keywordValue has the Custom_ prefix followed by the custom rule name. The format of the custom rule name itself may vary. For accuracy, we recommend that you visit the Config console to verify your custom rule name.
For Security Hub: The format varies for Security Hub control names. For accuracy, we recommend that you reference the list of supported Security Hub controls.
For Amazon Web Services API calls: Make sure that the keywordValue is written as serviceprefix_ActionName. For example, iam_ListGroups. For accuracy, we recommend that you reference the list of supported API calls.
For CloudTrail: Make sure that the keywordValue is written as serviceprefix_ActionName. For example, cloudtrail_StartLogging. For accuracy, we recommend that you review the Amazon Web Service prefix and action names in the Service Authorization Reference.
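The keywordValue rules above, as an added example that is not part of the AWS SDK or of the original page: a helper that builds or checks a keywordValue before a control data source is mapped, so that a rule name passed in place of a rule identifier is caught instead of silently collecting no evidence. The class name, method names, and regular expressions are hypothetical, and treating the suffix ID as the final hyphen-delimited token is an assumption drawn from the two service-linked examples.

```java
import java.util.regex.Pattern;

// Added example: hypothetical helper, not part of the AWS SDK.
public class KeywordValues {
    // Shapes follow the rules described above; the exact character classes are assumptions.
    private static final Pattern MANAGED_ID = Pattern.compile("[A-Z0-9]+(_[A-Z0-9]+)*");
    private static final Pattern PREFIX_ACTION = Pattern.compile("[a-z0-9-]+_[A-Z][A-Za-z0-9]*");

    /** Managed rules: accept only the identifier; it cannot be derived from the rule name. */
    static String forManagedRule(String ruleIdentifier) {
        if (!MANAGED_ID.matcher(ruleIdentifier).matches()) {
            throw new IllegalArgumentException(
                "Not a rule identifier (did you pass the rule name?): " + ruleIdentifier);
        }
        return ruleIdentifier;
    }

    /** Custom rules: Custom_ prefix plus the rule name, case preserved. */
    static String forCustomRule(String ruleName) {
        return "Custom_" + ruleName;
    }

    /** Service-linked rules: Custom_ prefix, trailing suffix ID removed.
     *  Assumption: the suffix ID is the final hyphen-delimited token. */
    static String forServiceLinkedRule(String ruleName) {
        int cut = ruleName.lastIndexOf('-');
        if (cut <= 0) {
            throw new IllegalArgumentException("No suffix ID found in: " + ruleName);
        }
        return "Custom_" + ruleName.substring(0, cut);
    }

    /** API calls and CloudTrail: serviceprefix_ActionName. */
    static String forApiOrCloudTrail(String servicePrefix, String actionName) {
        String value = servicePrefix + "_" + actionName;
        if (!PREFIX_ACTION.matcher(value).matches()) {
            throw new IllegalArgumentException("Expected serviceprefix_ActionName: " + value);
        }
        return value;
    }

    public static void main(String[] args) {
        // Inputs are the examples given in the description above.
        System.out.println(forManagedRule("S3_BUCKET_ACL_PROHIBITED"));
        System.out.println(forCustomRule("my-custom-config-rule"));
        System.out.println(forServiceLinkedRule("OrgConfigRule-s3-bucket-versioning-enabled-dbgzf8ba"));
        System.out.println(forApiOrCloudTrail("iam", "ListGroups"));
        try { forManagedRule("restricted-ssh"); }
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The shape check does not confirm that an identifier is a supported one; that still requires the list of supported Config managed rules.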
String frameworkId
The unique identifier for the custom framework to be shared.
String destinationAccount
The Amazon Web Services account of the recipient.
String destinationRegion
The Amazon Web Services Region of the recipient.
String comment
An optional comment from the sender about the share request.
AssessmentFrameworkShareRequest assessmentFrameworkShareRequest
The share request that's created by the StartAssessmentFrameworkShare API.
String assessmentId
The unique identifier for the assessment.
String controlSetId
The unique identifier for the control set.
String controlId
The unique identifier for the control.
String controlStatus
The status of the control.
String commentBody
The comment body text for the control.
AssessmentControl control
The name of the updated control set that the UpdateAssessmentControl API returned.
AssessmentControlSet controlSet
The name of the updated control set that the UpdateAssessmentControlSetStatus API returned.
String frameworkId
The unique identifier for the framework.
String name
The name of the framework to be updated.
String description
The description of the updated framework.
String complianceType
The compliance type that the new custom framework supports, such as CIS or HIPAA.
List<E> controlSets
The control sets that are associated with the framework.
Framework framework
The name of the framework.
AssessmentFrameworkShareRequest assessmentFrameworkShareRequest
The updated share request that's returned by the UpdateAssessmentFrameworkShare operation.
String assessmentId
The unique identifier for the assessment.
String assessmentName
The name of the assessment to be updated.
String assessmentDescription
The description of the assessment.
Scope scope
The scope of the assessment.
AssessmentReportsDestination assessmentReportsDestination
The assessment report storage destination for the assessment that's being updated.
List<E> roles
The list of roles for the assessment.
Assessment assessment
The response object for the UpdateAssessment API. This is the name of the updated assessment.
Assessment assessment
The name of the updated assessment that the UpdateAssessmentStatus API returned.
String controlId
The identifier for the control.
String name
The name of the updated control.
String description
The optional description of the control.
String testingInformation
The steps that you should follow to determine if the control is met.
String actionPlanTitle
The title of the action plan for remediating the control.
String actionPlanInstructions
The recommended actions to carry out if the control isn't fulfilled.
List<E> controlMappingSources
The data mapping sources for the control.
Control control
The name of the updated control set that the UpdateControl API returned.
String snsTopic
The Amazon Simple Notification Service (Amazon SNS) topic that Audit Manager sends notifications to.
AssessmentReportsDestination defaultAssessmentReportsDestination
The default S3 destination bucket for storing assessment reports.
List<E> defaultProcessOwners
A list of the default audit owners.
String kmsKey
The KMS key details.
Boolean evidenceFinderEnabled
Specifies whether the evidence finder feature is enabled. Change this attribute to enable or disable evidence finder.
When you use this attribute to disable evidence finder, Audit Manager deletes the event data store that’s used to query your evidence data. As a result, you can’t re-enable evidence finder and use the feature again. Your only alternative is to deregister and then re-register Audit Manager.
DeregistrationPolicy deregistrationPolicy
The deregistration policy for your Audit Manager data. You can use this attribute to determine how your data is handled when you deregister Audit Manager.
DefaultExportDestination defaultExportDestination
The default S3 destination bucket for storing evidence finder exports.
Settings settings
The current list of settings.
String s3RelativePath
The relative path of the Amazon S3 bucket that the assessment report is stored in.
Boolean signatureValid
Specifies whether the signature key is valid.
String signatureAlgorithm
The signature algorithm that's used to code sign the assessment report file.
String signatureDateTime
The date and time signature that specifies when the assessment report was created.
String signatureKeyId
The unique identifier for the validation signature key.
List<E> validationErrors
Represents any errors that occurred when validating the assessment report.