AWS audit-manager documentation change
Summary
Added section explaining inconclusive evidence classification
Security assessment
Documents evidence evaluation processes but does not indicate security vulnerability fixes. Enhances transparency about security control limitations.
Diff
diff --git a/audit-manager/latest/userguide/how-evidence-is-collected.md b/audit-manager/latest/userguide/how-evidence-is-collected.md index f5f325b04..e899b2d5a 100644 --- a//audit-manager/latest/userguide/how-evidence-is-collected.md +++ b//audit-manager/latest/userguide/how-evidence-is-collected.md @@ -38,0 +39,2 @@ Evidence collection is an ongoing process that starts when you create your asses + * AWS Audit Manager marks evidence as inconclusive when automated compliance evaluation isn't possible. This occurs when you haven't enabled AWS Config or AWS Security Hub, which are key data sources. It also happens when evidence is collected directly from AWS services via API calls, AWS CloudTrail logs, or manual uploads. When there's no mechanism for automatic evaluation of this evidence, AWS Audit Manager can't provide evaluation details. As a result, it marks the evidence as inconclusive. Inconclusive evidence doesn't indicate failure. Instead, it signals that you need to manually evaluate the evidence for compliance. +