AU-9(1): Hardware Write-Once Media

CSF v1.1 References:

Threats Addressed:


(Not part of any baseline)

Next Version:

Control Statement

The information system writes audit trails to hardware-enforced, write-once media.

Supplemental Guidance

This control enhancement applies to the initial generation of audit trails (i.e., the collection of audit records that represents the audit information to be used for detection, analysis, and reporting purposes) and to the backup of those audit trails. The enhancement does not apply to the initial generation of audit records prior to being written to an audit trail. Write-once, read-many (WORM) media includes, for example, Compact Disk-Recordable (CD-R) and Digital Video Disk-Recordable (DVD-R). In contrast, the use of switchable write-protection media such as on tape cartridges or Universal Serial Bus (USB) drives results in write-protected, but not write-once, media.