

# Create a design review


Assess your design documents against organization security requirements by uploading files for AWS Security Agent to review. Design reviews help identify security issues early in the development lifecycle, enabling you to address architectural concerns when they are most cost-effective to resolve.

AWS Security Agent analyzes your design documents against your organization’s security requirements, providing detailed security findings to improve security posture before implementation begins.

In this procedure, you’ll create a design review by uploading design files for analysis.

## Prerequisites


Before you begin, ensure you have:
+ Access to the AWS Security Agent web application
+ Design documents ready for upload in a supported format (DOC, DOCX, JPEG, MD, PDF, PNG, or TXT)
+ No more than 5 files, each 2 MB or smaller, with a combined total of 6 MB or less across all files
+ Understanding of which security requirements are enabled for your organization

## Step 1: Start creating a design review


Navigate to the design review creation page in the Agent Web App.

1. Log in to the AWS Security Agent web application.

1. Navigate to the **Design reviews** section.

1. Click **Create Design Review**.

**Tip**  
You can view your organization’s enabled security requirements by navigating to the **Security requirements** page in the AWS Security Agent console. Click on any enabled requirement to view its details. These requirements are used to analyze your design files.

## Step 2: Name your design review


Provide a descriptive name that helps identify the purpose and scope of this design review.

1. In the **Design review name** section, locate the **Name** field.

1. Enter a descriptive name for your design review.
**Note**  
The name should clearly identify the project, feature, or component being reviewed. Maximum 80 characters.

## Step 3: Upload design files


Upload the design documents you want AWS Security Agent to analyze for security compliance.

1. In the **Files to review** section, review the file requirements:
**Important**  
A maximum of 5 files may be uploaded per design review. Each file must be 2MB or smaller, with a combined total of 6MB across all files. Supported formats: DOC, DOCX, JPEG, MD, PDF, PNG and TXT.

1. Upload your files using one of these methods:

   1.  **Drag and drop** – Drag files directly into the file dropzone area

   1.  **Browse** – Click **Choose files** to browse and select files from your computer

1. Verify that all required files are uploaded.

**Tip**  
For best results, include architecture diagrams, design specifications, and technical documentation that describe your system’s security-relevant components and data flows.
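The upload limits in Step 3 (5 files, 2 MB per file, 6 MB combined, and the listed formats) are the kind of thing that is cheaper to check before a review than to discover as a rejected upload. The following Python script is an added example and is not part of this page or of AWS Security Agent; it encodes only the limits stated above. Two things are assumptions: the page does not say whether "2MB" means 2,000,000 or 2,097,152 bytes, so the script uses the stricter decimal value (a set that passes here also passes the binary reading), and `.jpg` is treated as JPEG alongside `.jpeg`.

```python
"""Pre-upload check for an AWS Security Agent design review file set.

Added example, not AWS code. Limits come from the documentation:
at most 5 files, each 2 MB or smaller, 6 MB combined, in DOC, DOCX,
JPEG, MD, PDF, PNG or TXT format.
"""
from __future__ import annotations

import os
import sys
from pathlib import Path

MAX_FILES = 5
# Assumption: "2MB"/"6MB" read as decimal megabytes, the stricter interpretation.
MAX_FILE_BYTES = 2_000_000
MAX_TOTAL_BYTES = 6_000_000
# Assumption: ".jpg" is accepted as a JPEG extension; the page lists "JPEG" only.
ALLOWED_SUFFIXES = {".doc", ".docx", ".jpeg", ".jpg", ".md", ".pdf", ".png", ".txt"}


def check_upload(entries: list[tuple[str, int]]) -> list[str]:
    """Return a list of problems with a planned upload; empty means it is uploadable.

    `entries` is a list of (file name, size in bytes) pairs so the check can be
    run on a planned set before any files are read.
    """
    problems: list[str] = []
    if not entries:
        problems.append("no files selected")
    if len(entries) > MAX_FILES:
        problems.append(f"{len(entries)} files selected; maximum is {MAX_FILES}")

    total = 0
    for name, size in entries:
        suffix = Path(name).suffix.lower()
        if suffix not in ALLOWED_SUFFIXES:
            problems.append(f"{name}: unsupported format {suffix or '(none)'}")
        if size > MAX_FILE_BYTES:
            problems.append(
                f"{name}: {size} bytes exceeds per-file limit of {MAX_FILE_BYTES}"
            )
        total += size

    if total > MAX_TOTAL_BYTES:
        problems.append(
            f"combined size {total} bytes exceeds limit of {MAX_TOTAL_BYTES}"
        )
    return problems


def check_paths(paths: list[str]) -> list[str]:
    """Stat real files on disk and run the same check on their names and sizes."""
    entries = [(os.path.basename(p), os.path.getsize(p)) for p in paths]
    return check_upload(entries)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        issues = check_paths(sys.argv[1:])
    else:
        # Constructed sample set used when no paths are given on the command line.
        issues = check_upload(
            [("architecture.pdf", 1_800_000), ("data-flows.png", 950_000),
             ("threat-model.md", 40_000), ("notes.exe", 10)]
        )
    for line in issues:
        print("PROBLEM:", line)
    print("ok" if not issues else f"{len(issues)} problem(s) found")
    sys.exit(1 if issues else 0)
```

Run it as `python check_upload.py arch.pdf flows.png threat-model.md` before opening the Create Design Review page; a non-zero exit status means at least one limit would be violated, and each problem names the file and the limit it breaks.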

## Step 4: Initiate the design review


After configuring all required information, initiate the security analysis of your design documents.

1. Review all uploaded files and settings to ensure accuracy.

1. Click **Start design review** at the bottom of the page.

1. Wait while AWS Security Agent analyzes your design documents against the enabled security requirements.

**Note**  
The design review process typically completes within minutes, depending on the number and size of files uploaded. You’ll receive security findings based on your organization’s security requirements.

## Next steps


After starting your design review:
+ Monitor the review progress in the Agent Web App
+ Review security findings
+ Share findings with your development team
+ Address identified security findings in your design
+ Update design documents and resubmit if needed

# Review findings from a design review


Review findings help you understand which security requirements are met, which need attention, and what actions to take to improve your design’s security posture before implementation begins.

In this procedure, you’ll learn how to access, filter, and interpret design review findings so that you can act on them effectively.

## Prerequisites


Before you begin, ensure you have:
+ A completed design review
+ Access to the AWS Security Agent web application
+ Familiarity with your organization’s enabled security requirements

## Step 1: Access the design review


Navigate to your design review to view the findings and summary information.

1. Log in to the AWS Security Agent web application.

1. Navigate to the **Design reviews** section.

1. Select the design review you want to examine from the list.

**Tip**  
The design review details page displays a summary of review status, completion date, and the number of files reviewed.

## Step 2: Review the findings summary


Examine the high-level summary to understand the overall security posture of your design.

1. Locate the **Summary** section near the top of the page.

1. Review the count for each compliance status category: **Compliant**, **Non-compliant**, **Insufficient data**, and **Not applicable**.

**Note**  
The summary provides counts for each status type, helping you quickly assess the number of findings requiring attention. For detailed explanations of each status, see Step 4.

## Step 3: Filter and navigate findings


Use the filtering and search capabilities to focus on specific findings or compliance statuses.

1. In the **Review findings** section, locate the filter controls.

1. To filter by status:

   1. Click the status dropdown menu.

   1. Select a specific compliance status to view only findings with that status.

1. To search for specific security requirements:

   1. Enter keywords in the search field.

   1. Results update automatically as you type.

1. Use the pagination controls to navigate through multiple pages of findings.

**Tip**  
Filter by **Non-compliant** status first to prioritize findings that require immediate attention in your design.

## Step 4: Understand compliance statuses


Each finding displays a compliance status that indicates how your design addresses a specific security requirement:
+  **Compliant** – Your design meets the security requirement based on the analysis
+  **Non-compliant** – Your design violates or inadequately addresses the security requirement
+  **Insufficient data** – The uploaded files lack enough information to determine compliance
+  **Not applicable** – The security requirement doesn’t apply to your system design

**Important**  
Focus on **Non-compliant** and **Insufficient data** statuses, as these require action. Address non-compliant findings by updating your design, and resolve insufficient data findings by uploading additional design documentation.

## Step 5: View finding details


Select individual findings to view detailed justification and remediation guidance.

1. In the findings table, click on a security requirement name.

1. Review the finding details, which include:
   + The specific security requirement being evaluated
   + A comment explaining why the finding received its compliance status, including specific details about what’s missing or non-compliant
   + Recommended remediation guidance to address the finding
   + Links to your organization’s internal documentation or standards for the security requirement

**Note**  
The comment explains AWS Security Agent’s reasoning with specific details. For insufficient data findings, the comment identifies what information is missing, such as "The design documents don’t mention authentication mechanisms" or "No information found about data encryption at rest."

## Step 6: Address findings


Take action on findings that require attention to improve your design’s security posture.

For **Non-compliant** findings:

1. Review the recommended remediation guidance.

1. Review any linked internal documentation for additional context.

1. Update your design documents to address the security requirement.

1. Document the changes you make for future reference.

For **Insufficient data** findings:

1. Read the comment carefully to understand what specific information is missing.

1. Create or update design documents with the missing details.

1. Prepare the updated files for resubmission.

## Next steps


After reviewing your design findings:
+ Download the findings report as a CSV file for sharing with your team
+ Update design documents to address non-compliant findings
+ Create additional documentation for insufficient data findings
+ Share findings with your development team for discussion
+ Clone this design review to create a new review with the original documents pre-loaded, allowing you to update the name and run the analysis again to verify improvements
+ Proceed with implementation for designs that meet compliance requirements

For more information about managing security requirements, see [Manage security requirements](security-requirements.md).

For more information about creating design reviews, see [Create a design review](perform-design-review.md).