AU-9: Protection Of Audit Information
Control Family:
CSF v1.1 References:
Threats Addressed:
Next Version:
- NIST Special Publication 800-53 Revision 5:
- AU-9: Protection of Audit Information
Control Statement
The information system protects audit information and audit tools from unauthorized access, modification, and deletion.
Supplemental Guidance
Audit information includes all information (e.g., audit records, audit settings, and audit reports) needed to successfully audit information system activity. This control focuses on technical protection of audit information. Physical protection of audit information is addressed by media protection controls and physical and environmental protection controls.
Control Enhancements
AU-9(1): Hardware Write-Once Media
Baseline(s):
The information system writes audit trails to hardware-enforced, write-once media.
AU-9(2): Audit Backup On Separate Physical Systems / Components
Baseline(s):
- High
The information system backs up audit records [Assignment: organization-defined frequency] onto a physically different system or system component than the system or component being audited.
AU-9(3): Cryptographic Protection
Baseline(s):
- High
The information system implements cryptographic mechanisms to protect the integrity of audit information and audit tools.
AU-9(4): Access By Subset Of Privileged Users
Baseline(s):
- Moderate
- High
The organization authorizes access to management of audit functionality to only [Assignment: organization-defined subset of privileged users].
AU-9(5): Dual Authorization
Baseline(s):
The organization enforces dual authorization for [Selection (one or more): movement; deletion] of [Assignment: organization-defined audit information].
AU-9(6): Read Only Access
Baseline(s):
The organization authorizes read-only access to audit information to [Assignment: organization-defined subset of privileged users].