Amazon Web Services (AWS) Audit Program 

download now Free to members only.
Non-members Join today to get your free copy, or purchase the file for US $49.

  Provide feedback on this document
Knowledge Center  Visit the Audit community

The primary purpose of the Amazon Web Services (AWS) Audit Program is to provide a means for organizations to evaluate their deployments of AWS. This assessment facilitates assurance that the configuration and maintenance of AWS services support business objectives. Accordingly, the audit program gives consideration to the intended use of AWS services and interrelationships of AWS services.

Audit Objectives

In considering specific areas of the AWS deployment, the audit program provides control objectives, controls and test steps around:

  • Governance
  • Network Configuration and Management
  • Asset Configuration and Management
  • Logical Access Control
  • Data Encryption Controls
  • Logging and Event Management
  • Disaster Recovery
  • Incident Response

Each enterprise’s AWS deployment may have been tailored to suite the enterprise’s particular business needs and objectives. The audit program, however, provides a solid basis for all enterprises to assess whether operational and compliance expectations can be met given its current AWS environment.

As an IT audit and assurance professional, you are expected to customize this document for your unique assurance process environment. Use it as a review tool or starting point to modify for your purposes, rather than as a checklist or questionnaire. Keep in mind that to use this document for maximum effectiveness, you should hold the Certified Information Systems Auditor (CISA) designation or have the necessary subject matter expertise to conduct your assurance process while under the supervision of a professional who holds the CISA designation.