AWS audit-manager documentation change
Summary
Expanded explanation of inconclusive evidence classification and manual evaluation guidance
Security assessment
Improves documentation about evidence evaluation workflow but does not indicate resolution of security vulnerabilities. Strengthens security posture awareness.
Diff
diff --git a/audit-manager/latest/userguide/dashboard.md b/audit-manager/latest/userguide/dashboard.md index e97e65593..0edc92890 100644 --- a//audit-manager/latest/userguide/dashboard.md +++ b//audit-manager/latest/userguide/dashboard.md @@ -62 +62 @@ Inconclusive evidence** -Evidence is _inconclusive_ if a compliance check isn’t available or applicable. As a result, no compliance evaluation can be made. This is the case if a control uses AWS Config or AWS Security Hub as a data source type but you didn’t enable those services. This is also the case if the control uses a data source type that doesn't support compliance checks, such as manual evidence, AWS API calls, or AWS CloudTrail. +Evidence is _inconclusive_ if a compliance check isn’t available or applicable. As a result, no compliance evaluation can be made. This is the case if a control uses AWS Config or AWS Security Hub as a data source type but you didn’t enable those services. This is also the case if the control uses a data source type that doesn't support compliance checks, such as manual evidence, AWS API calls, or AWS CloudTrail. In the console, evidence with a compliance check status of _not applicable_ is classified as _inconclusive_ in the dashboard. @@ -64 +64,5 @@ Evidence is _inconclusive_ if a compliance check isn’t available or applicable -If evidence has a compliance check status of _not applicable_ in the console, it's classified as _inconclusive_ in the dashboard. +You can use the inconclusive evidence to manually evaluate a control's compliance. + +###### Note + +Inconclusive evidence doesn't indicate failure, it signals that you should manually evaluate the evidence for compliance.