AU-9: Protection Of Audit Information

CSF v1.1 References:


Next Version:

Control Statement

The information system protects audit information and audit tools from unauthorized access, modification, and deletion.

Supplemental Guidance

Audit information includes all information (e.g., audit records, audit settings, and audit reports) needed to successfully audit information system activity. This control focuses on technical protection of audit information. Physical protection of audit information is addressed by media protection controls and physical and environmental protection controls.

Control Enhancements

AU-9(3): Cryptographic Protection


  • High

The information system implements cryptographic mechanisms to protect the integrity of audit information and audit tools.

AU-9(5): Dual Authorization


(Not part of any baseline)

The organization enforces dual authorization for [Selection (one or more): movement; deletion] of [Assignment: organization-defined audit information].

AU-9(6): Read Only Access


(Not part of any baseline)

The organization authorizes read-only access to audit information to [Assignment: organization-defined subset of privileged users].