AWS Security ChangesHomeSearch

AWS audit-manager documentation change

Service: audit-manager · 2025-06-07 · Documentation low

File: audit-manager/latest/userguide/dashboard.md

Summary

Expanded explanation of inconclusive evidence classification and manual evaluation guidance

Security assessment

Improves documentation about evidence evaluation workflow but does not indicate resolution of security vulnerabilities. Strengthens security posture awareness.

Diff

diff --git a/audit-manager/latest/userguide/dashboard.md b/audit-manager/latest/userguide/dashboard.md
index e97e65593..0edc92890 100644
--- a//audit-manager/latest/userguide/dashboard.md
+++ b//audit-manager/latest/userguide/dashboard.md
@@ -62 +62 @@ Inconclusive evidence**
-Evidence is _inconclusive_ if a compliance check isn’t available or applicable. As a result, no compliance evaluation can be made. This is the case if a control uses AWS Config or AWS Security Hub as a data source type but you didn’t enable those services. This is also the case if the control uses a data source type that doesn't support compliance checks, such as manual evidence, AWS API calls, or AWS CloudTrail. 
+Evidence is _inconclusive_ if a compliance check isn’t available or applicable. As a result, no compliance evaluation can be made. This is the case if a control uses AWS Config or AWS Security Hub as a data source type but you didn’t enable those services. This is also the case if the control uses a data source type that doesn't support compliance checks, such as manual evidence, AWS API calls, or AWS CloudTrail. In the console, evidence with a compliance check status of _not applicable_ is classified as _inconclusive_ in the dashboard.
@@ -64 +64,5 @@ Evidence is _inconclusive_ if a compliance check isn’t available or applicable
-If evidence has a compliance check status of _not applicable_ in the console, it's classified as _inconclusive_ in the dashboard.
+You can use the inconclusive evidence to manually evaluate a control's compliance. 
+
+###### Note
+
+Inconclusive evidence doesn't indicate failure, it signals that you should manually evaluate the evidence for compliance.