|
Auditing is a steady and ongoing course of, and each audit consists of the gathering of proof. The proof gathered helps verify the state of assets and it’s used to reveal that the shopper’s insurance policies, procedures, and actions (controls), are in place, and that the management has been operational for a specified time period. AWS Audit Supervisor already automates this proof assortment for AWS utilization. Nevertheless, giant enterprise organizations who deploy their workloads throughout a variety of areas comparable to cloud, on-premises, or a mix of each, handle this proof information utilizing a mix of third-party or homegrown instruments, spreadsheets, and emails.
As we speak we’re excited to announce the combination of AWS Audit Supervisor with third get together Governance, Danger, and Compliance (GRC) supplier, MetricStream CyberGRC, an AWS Companion with GRC capabilities. This integration permits enterprises to handle compliance throughout AWS, on-premises, and different cloud environments in a centralized GRC setting.
Earlier than this announcement, Audit Supervisor operated solely within the AWS context, permitting clients to gather compliance proof for assets in AWS. They might then relay that data to their GRC programs exterior to AWS for extra aggregation and evaluation. This course of left clients with out an automatic option to monitor and consider all compliance information in a single centralized location, leading to delays to compliance outcomes.
The GRC integration with Audit Supervisor lets you use audit proof collected by Audit Supervisor instantly in MetricStream CyberGRC. Audit Supervisor now receives the controls in scope from MetricStream CyberGRC, collects proof round these controls, and exports the info associated to the audit into MetricStream CyberGRC for aggregation and evaluation. You’ll now have aggregated compliance, real-time monitoring and centralized reporting. This may cut back compliance fatigue and enhance stakeholder collaboration.
How It Works
Utilizing Amazon Cognito Person Swimming pools, you’ll be onboarded into the multi-tenant occasion of MetricStream CyberGRC.
Amazon Cognito Person Swimming pools
As soon as onboarded, you’ll be capable of view AWS belongings and frameworks inside MetricStream CyberGRC. You may then start by selecting the appropriate Audit Supervisor framework to outline the relationships between your present enterprise controls and AWS controls. After creating this one-time management mapping, you’ll be able to outline the accounts in scope to create an evaluation that MetricStream CyberGRC will handle in AWS Audit Supervisor in your behalf. This evaluation triggers AWS Audit Supervisor to gather proof in context of the mapped controls. Because of this, you get a unified view of compliance proof inside your GRC utility. Any commonplace controls that you’ve in Audit Supervisor shall be offered to MetricStream CyberGRC by utilizing the GetControl API to facilitate handbook mapping course of wherever automated mapping fails or doesn’t suffice. The EvidenceFinder API will ship bulk proof from Audit Supervisor to MetricStream CyberGRC.
Out there Now
This characteristic is accessible at the moment the place Audit Supervisor (AWS Areas) and MetricStream CyberGRC are each out there. There aren’t any further AWS Audit Supervisor fees for utilizing this integration. To make use of this integration, please attain out to MetricStream for details about entry and buy of MetricStream CyberGRC software program.
As a part of the AWS Free Tier, AWS Audit Supervisor provides a free tier for first-time clients. The free tier will expire in two calendar months after the primary subscription. For extra data, see AWS Audit Supervisor pricing. To be taught extra about AWS Audit Supervisor integration with MetricStream CyberGRC, see Audit Supervisor documentation.
– Veliswa
