AU-9(6): Read-only Access
Control Family:
Parent Control:
Threats Addressed:
Baselines:
(Not part of any baseline)
Previous Version:
- NIST Special Publication 800-53 Revision 4:
- AU-9(6): Read Only Access
Control Statement
Authorize read-only access to audit information to [Assignment: organization-defined subset of privileged users or roles].
Supplemental Guidance
Restricting privileged user or role authorizations to read-only helps to limit the potential damage to organizations that could be initiated by such users or roles, such as deleting audit records to cover up malicious activity.