AWS audit-manager documentation change
Summary
Added documentation about 'Inconclusive Evidence' classification and manual evaluation requirements
Security assessment
Clarifies evidence handling procedures but does not address specific vulnerabilities. Enhances understanding of security controls without introducing new security features.
Diff
diff --git a/audit-manager/latest/userguide/concepts.md b/audit-manager/latest/userguide/concepts.md index 8597fb82c..68272ee06 100644 --- a//audit-manager/latest/userguide/concepts.md +++ b//audit-manager/latest/userguide/concepts.md @@ -5 +5 @@ -ACDEFRS +ACDEFIRS @@ -366,0 +367,22 @@ You can use the [Sharing a custom framework in AWS Audit Manager](./share-custom +## I + +A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z + +**Inconclusive Evidence** + + +AWS Audit Manager marks evidence as inconclusive when automated compliance evaluation isn't possible. This occurs in the following situations: + + * You haven't enabled AWS Config or AWS Security Hub, which are key data sources. + + * Evidence is collected directly from AWS services via API calls, AWS CloudTrail logs, or manual uploads. + + + + +When there's no mechanism for automatic evaluation of this evidence, AWS Audit Manager can't provide evaluation details. As a result, it marks the evidence as _inconclusive_. + +###### Important + +Inconclusive evidence doesn't indicate failure. Instead, it signals that you need to manually evaluate the evidence for compliance. +