Device Class 1: Protection Of Audit Information

Control ID: AU-9 Protection Of Audit Information Family: Audit and Accountability Source: NIST 800-53r4
Control: The information system protects audit information and audit tools from unauthorized access, modification, and deletion.
Supplemental Guidance:
Audit information includes all information (e.g.,audit records, audit settings, and audit reports) needed to successfully audit information system activity. This control focuses on technical protection of audit information. Physical protection of audit information is addressed by media protection controls and physical and environmental protection controls.

Related Controls: AC-3, AC-6, MP-2, MP-4, PE-2, PE-3, PE-6
Control Enhancements: N/A
References: N/A
Mechanisms:

  • Audit information is to be treated as information for which privileged access is required and protected per AC-3.

Protocol Implementation Conformance Statements: N/A