AU-9(2): Audit Backup On Separate Physical Systems / Components

CSF v1.1 References:

Threats Addressed:


  • High

Next Version:

Control Statement

The information system backs up audit records [Assignment: organization-defined frequency] onto a physically different system or system component than the system or component being audited.

Supplemental Guidance

This control enhancement helps to ensure that a compromise of the information system being audited does not also result in a compromise of the audit records.