AU-9(4): Access By Subset Of Privileged Users
Control Family:
Parent Control:
CSF v1.1 References:
Threats Addressed:
Baselines:
- Moderate
- High
Next Version:
- NIST Special Publication 800-53 Revision 5:
- AU-9(4): Access by Subset of Privileged Users
Control Statement
The organization authorizes access to management of audit functionality to only [Assignment: organization-defined subset of privileged users].
Supplemental Guidance
Individuals with privileged access to an information system and who are also the subject of an audit by that system, may affect the reliability of audit information by inhibiting audit activities or modifying audit records. This control enhancement requires that privileged access be further defined between audit-related privileges and other privileges, thus limiting the users with audit-related privileges.