The information system protects audit information and audit tools from unauthorized access, modification, and deletion.
Audit information includes all information (e.g., audit records, audit settings, and audit reports) needed to successfully audit information system activity. This control focuses on technical protection of audit information. Physical protection of audit information is addressed by media protection controls and physical and environmental protection controls.
The information system writes audit trails to hardware-enforced, write-once media.
The information system backs up audit records [Assignment: organization-defined frequency] onto a physically different system or system component than the system or component being audited.
The information system implements cryptographic mechanisms to protect the integrity of audit information and audit tools.
The organization authorizes access to management of audit functionality to only [Assignment: organization-defined subset of privileged users].
The organization enforces dual authorization for [Selection (one or more): movement; deletion] of [Assignment: organization-defined audit information].
The organization authorizes read-only access to audit information to [Assignment: organization-defined subset of privileged users].