Auditing is a continuous and ongoing process, and every audit includes the collection of evidence. The evidence gathered helps confirm the state of resources, and it is used to demonstrate that the customer’s policies, procedures, and activities (controls) are in place, and that the control has been operational for a specified period of time. AWS Audit Manager already automates this evidence collection for AWS usage. However, large enterprise organizations that deploy their workloads across a range of locations such as cloud, on-premises, or a combination of both manage this evidence data using a combination of third-party or homegrown tools, spreadsheets, and emails.
Today we’re excited to announce the integration of AWS Audit Manager with third-party Governance, Risk, and Compliance (GRC) provider MetricStream CyberGRC, an AWS Partner with GRC capabilities. This integration allows enterprises to manage compliance across AWS, on-premises, and other cloud environments in a centralized GRC environment.
Before this announcement, Audit Manager operated only in the AWS context, allowing customers to collect compliance evidence for resources in AWS. They would then relay that information to their GRC systems external to AWS for additional aggregation and analysis. This process left customers without an automated way to monitor and evaluate all compliance data in one centralized location, resulting in delays to compliance outcomes.
The GRC integration with Audit Manager allows you to use audit evidence collected by Audit Manager directly in MetricStream CyberGRC. Audit Manager now receives the controls in scope from MetricStream CyberGRC, collects evidence around those controls, and exports the data related to the audit into MetricStream CyberGRC for aggregation and analysis. You’ll now have aggregated compliance, real-time monitoring, and centralized reporting. This may reduce compliance fatigue and improve stakeholder collaboration.
How It Works
Using Amazon Cognito User Pools, you’ll be onboarded into the multi-tenant instance of MetricStream CyberGRC.
Once onboarded, you’ll be able to view AWS assets and frameworks within MetricStream CyberGRC. You can then begin by choosing the appropriate Audit Manager framework to define the relationships between your existing enterprise controls and AWS controls. After creating this one-time control mapping, you can define the accounts in scope to create an assessment that MetricStream CyberGRC will manage in AWS Audit Manager on your behalf. This assessment triggers AWS Audit Manager to collect evidence in the context of the mapped controls. As a result, you get a unified view of compliance evidence within your GRC application. Any standard controls that you have in Audit Manager will be provided to MetricStream CyberGRC by using the GetControl API to facilitate the manual mapping process wherever automated mapping fails or doesn’t suffice. The EvidenceFinder API will send bulk evidence from Audit Manager to MetricStream CyberGRC.
Available Now
This feature is available today where Audit Manager (AWS Regions) and MetricStream CyberGRC are both available. There are no additional AWS Audit Manager charges for using this integration. To use this integration, please reach out to MetricStream for information about access and purchase of MetricStream CyberGRC software.
As part of the AWS Free Tier, AWS Audit Manager offers a free tier for first-time customers. The free tier will expire in two calendar months after the first subscription. For more information, see AWS Audit Manager pricing. To learn more about AWS Audit Manager integration with MetricStream CyberGRC, see Audit Manager documentation.
– Veliswa