AU-9(3): Cryptographic Protection

Control Family:

Audit And Accountability

Parent Control:

AU-9: Protection Of Audit Information

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

PR.PT-1

Threats Addressed:

Tampering

Baselines:

High

Next Version:

NIST Special Publication 800-53 Revision 5:
AU-9(3): Cryptographic Protection

Control Statement

The information system implements cryptographic mechanisms to protect the integrity of audit information and audit tools.

Supplemental Guidance

Cryptographic mechanisms used for protecting the integrity of audit information include, for example, signed hash functions using asymmetric cryptography enabling distribution of the public key to verify the hash information while maintaining the confidentiality of the secret key used to generate the hash.