Provide feedback on this document
Visit the Audit community
The primary purpose of the Amazon Web Services (AWS) Audit Program is to provide a means for organizations to evaluate their deployments of AWS. This assessment facilitates assurance that the configuration and maintenance of AWS services support business objectives. Accordingly, the audit program gives consideration to the intended use of AWS services and interrelationships of AWS services.
In considering specific areas of the AWS deployment, the audit program provides control objectives, controls and test steps around:
- Network Configuration and Management
- Asset Configuration and Management
- Logical Access Control
- Data Encryption Controls
- Logging and Event Management
- Disaster Recovery
- Incident Response
Each enterprise’s AWS deployment may have been tailored to suite the enterprise’s particular business needs and objectives. The audit program, however, provides a solid basis for all enterprises to assess whether operational and compliance expectations can be met given its current AWS environment.
As an IT audit and assurance professional, you are expected to customize this document for your unique assurance process environment. Use it as a review tool or starting point to modify for your purposes, rather than as a checklist or questionnaire. Keep in mind that to use this document for maximum effectiveness, you should hold the Certified Information Systems Auditor (CISA) designation or have the necessary subject matter expertise to conduct your assurance process while under the supervision of a professional who holds the CISA designation.