Record Class AuditManagerControl

java.lang.Object
java.lang.Record
com.cloudforgeci.api.core.rules.AuditManagerControl
Record Components:
controlId - Unique identifier for this control (matches ComplianceMatrix enum)
description - Human-readable description of what this control enforces
configRuleIds - List of AWS Config rule IDs that monitor this control
frameworkMappings - List of framework-specific control mappings
evidenceSources - AWS services providing evidence (cloudtrail, config, securityhub, etc.)

public record AuditManagerControl(String controlId, String description, List<String> configRuleIds, List<AuditManagerControl.FrameworkControl> frameworkMappings, List<String> evidenceSources) extends Record
Maps compliance controls to AWS infrastructure monitoring and Audit Manager evidence.

This record bridges the gap between:

  • Validation Rules - CDK synthesis-time checks (Soc2Rules, PciDssRules, etc.)
  • AWS Config Rules - Runtime infrastructure compliance monitoring
  • Audit Manager Controls - Continuous evidence collection and audit reports

Example Usage


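 // Imports needed by this snippet (FrameworkControl is nested in AuditManagerControl)
 import java.util.List;
 import com.cloudforgeci.api.core.rules.AuditManagerControl;
 import com.cloudforgeci.api.core.rules.AuditManagerControl.FrameworkControl;

 // Define control mapping for encryption at rest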
 AuditManagerControl ebsEncryption = new AuditManagerControl(
     "ENCRYPTION_AT_REST",
     "EBS volumes must be encrypted",
     List.of("EbsEncryptionRule"),  // Config rules monitoring this
     List.of(
         new FrameworkControl("SOC2", "CC6.1", "Logical and Physical Access Controls"),
         new FrameworkControl("PCI-DSS", "Req3.4", "Render PAN unreadable"),
         new FrameworkControl("HIPAA", "164.312(a)(2)(iv)", "Encryption and Decryption")
     ),
     List.of("cloudtrail", "config")  // Evidence sources
 );
 
  • Constructor Details

  • Method Details

    • getConfigRulesForFramework

      public List<String> getConfigRulesForFramework(String framework)
      Get Config rule IDs for a specific framework. Returns all Config rules that apply to this control's framework mapping.
    • getFrameworkControl

      public Optional<AuditManagerControl.FrameworkControl> getFrameworkControl(String framework)
      Get framework control by framework name.
    • appliesToFramework

      public boolean appliesToFramework(String framework)
      Check if this control applies to a specific framework.
    • toString

      public final String toString()
      Returns a string representation of this record class. The representation contains the name of the class, followed by the name and value of each of the record components.
      Specified by:
      toString in class Record
      Returns:
      a string representation of this object
    • hashCode

      public final int hashCode()
      Returns a hash code value for this object. The value is derived from the hash code of each of the record components.
      Specified by:
      hashCode in class Record
      Returns:
      a hash code value for this object
    • equals

      public final boolean equals(Object o)
      Indicates whether some other object is "equal to" this one. The objects are equal if the other object is of the same class and if all the record components are equal. All components in this record class are compared with Objects::equals(Object,Object).
      Specified by:
      equals in class Record
      Parameters:
      o - the object with which to compare
      Returns:
      true if this object is the same as the o argument; false otherwise.
    • controlId

      public String controlId()
      Returns the value of the controlId record component.
      Returns:
      the value of the controlId record component
    • description

      public String description()
      Returns the value of the description record component.
      Returns:
      the value of the description record component
    • configRuleIds

      public List<String> configRuleIds()
      Returns the value of the configRuleIds record component.
      Returns:
      the value of the configRuleIds record component
    • frameworkMappings

      public List<AuditManagerControl.FrameworkControl> frameworkMappings()
      Returns the value of the frameworkMappings record component.
      Returns:
      the value of the frameworkMappings record component
    • evidenceSources

      public List<String> evidenceSources()
      Returns the value of the evidenceSources record component.
      Returns:
      the value of the evidenceSources record component