Auditing is a continuous and ongoing process, and every audit includes the collection of evidence. The evidence gathered helps confirm the state of resources, and it’s used to demonstrate that the customer’s policies, procedures, and activities (controls) are in place, and that the control has been operational for a specified period of time. AWS Audit Manager already automates this evidence collection for AWS usage. However, large enterprise organizations that deploy their workloads across a range of locations such as cloud, on-premises, or a combination of both manage this evidence data using a combination of third-party or homegrown tools, spreadsheets, and emails.
Today we’re excited to announce the integration of AWS Audit Manager with third-party Governance, Risk, and Compliance (GRC) provider MetricStream CyberGRC, an AWS Partner with GRC capabilities. This integration allows enterprises to manage compliance across AWS, on-premises, and other cloud environments in a centralized GRC environment.
Before this announcement, Audit Manager operated only in the AWS context, allowing customers to collect compliance evidence for resources in AWS. They would then relay that information to their GRC systems external to AWS for additional aggregation and analysis. This process left customers without an automated way to monitor and evaluate all compliance data in one centralized location, resulting in delays to compliance outcomes.
The GRC integration with Audit Manager allows you to use audit evidence collected by Audit Manager directly in MetricStream CyberGRC. Audit Manager now receives the controls in scope from MetricStream CyberGRC, collects evidence around these controls, and exports the data related to the audit into MetricStream CyberGRC for aggregation and analysis. You’ll now have aggregated compliance, real-time monitoring, and centralized reporting. This will reduce compliance fatigue and improve stakeholder collaboration.
How It Works
Using Amazon Cognito User Pools, you’ll be onboarded into the multi-tenant instance of MetricStream CyberGRC.
Once onboarded, you’ll be able to view AWS assets and frameworks inside MetricStream CyberGRC. You can then begin by choosing the appropriate Audit Manager framework to define the relationships between your existing enterprise controls and AWS controls. After creating this one-time control mapping, you can define the accounts in scope to create an assessment that MetricStream CyberGRC will manage in AWS Audit Manager on your behalf. This assessment triggers AWS Audit Manager to collect evidence in context of the mapped controls. As a result, you get a unified view of compliance evidence inside your GRC application. Any standard controls that you have in Audit Manager will be provided to MetricStream CyberGRC by using the GetControl API to facilitate the manual mapping process wherever automated mapping fails or doesn’t suffice. The EvidenceFinder API will send bulk evidence from Audit Manager to MetricStream CyberGRC.
This feature is available today where Audit Manager (AWS Regions) and MetricStream CyberGRC are both available. There are no additional AWS Audit Manager charges for using this integration. To use this integration, please reach out to MetricStream for information about access and purchase of MetricStream CyberGRC software.
As part of the AWS Free Tier, AWS Audit Manager offers a free tier for first-time customers. The free tier will expire in two calendar months after the first subscription. For more information, see AWS Audit Manager pricing. To learn more about AWS Audit Manager integration with MetricStream CyberGRC, see Audit Manager documentation.