With more and more organizations continuing to adopt cloud services and hosting on public cloud platforms, knowing how to audit these platforms becomes crucial. Amazon Web Services (AWS) is not the only public cloud platform, but it is used prevalently throughout many industries. Organizational use of AWS as well as operational, security and compliance elements of AWS, are all criticalfor IT auditors to understand when considering specific risk areas to audit.
To help auditors determine if AWS supports operational and compliance objectives, ISACA has released the Amazon Web Services (AWS) Audit Program, which covers considering AWS in terms of:
- Governance
- Network configuration and management
- Asset configuration and management
- Logical access control
- Data encryption control
- Security incident response
- Security logging and monitoring
- Disaster recovery
Conducting a formal assessment of an organization’s use of AWS, access to the AWS environment, and management and interrelationships of AWS allows auditors to develop an evaluation of how effectively AWS applications and containers function.
To download this audit program, visit the Amazon Web Services (AWS) Audit Program page of the ISACA website.