Viewing framework compliance status
Once you create an audit framework, it appears in your Frameworks table. You can view this table by choosing Frameworks in the left navigation pane of the Amazon Backup console. To view the audit results for your framework, choose its Framework name. Doing so takes you to the Framework detail page, which has two sections: Summary and Controls.
The Summary section lists the following statuses from left to right:
-
Compliance status is your audit framework’s overall compliance status as determined by the compliance status of each of its controls. Each control’s compliance status is determined by the compliance status of each resource it evaluates.
Framework compliance status is
Compliant
only if all resources in the scope of your control evaluations have passed those evaluations. If one or more resources failed a control evaluation, the compliance status will beNon-Compliant
. For information on how to find your non-compliant resources, see Finding non-compliant resources. For information on how to bring your resources into compliance, see the remediation section of Amazon Backup Audit Manager controls and remediation. -
Framework status refers to whether you have turned on resource tracking for all of your resources. The possible statuses are:
-
Active
when recording is turned on for all resources the framework evaluates. -
Partially active
when recording is turned off for at least one resource the framework evaluates. -
Inactive
when recording is turned off for all resources that the framework evaluates. -
Unavailable
when Amazon Backup Audit Manager is unable to validate recording status at this time.
To correct a
Partially active
orInactive
status-
Choose Frameworks from the left navigation pane.
-
Choose Manage resource tracking.
-
Follow the instructions in the pop-up to enable recording that were previously not enabled for your resource types.
For more information about which resource types require resource tracking based on the controls you included in your frameworks, see the resource component of Amazon Backup Audit Manager controls and remediation.
-
-
Deployment status refers to your framework’s deployment status. This status should most often be
Completed
, but can also beCreate in progress
,Update in progress
,Delete in progress
, andFailed
.A status of
Failed
means the framework didn't deploy correctly. Delete the framework, then recreate the framework through the Amazon Backup console or through Amazon Backup API.
-
Compliant controls show a count of framework controls with all evaluations passing.
-
Non-compliant controls show a count of framework controls with at least one evaluation not passing.
The Controls section shows you the following information:
-
Control status refers to each control's compliance status. A control can be
Compliant
, meaning all resources pass that evaluation;Non-compliant
, meaning that at least one resource did not pass that evaluation, orInsufficient data
, meaning the control found no resources within the evaluation scope to evaluate. -
Evaluation scope might limit each control to one or more Resource types, one Resource ID, or one Tag key and Tag value, based on how you customized your control when creating your audit framework. If all fields are empty (as shown by a dash, "-"), then the control evaluates all applicable resources.