Device Class 3: Protection Of Audit Information
Control ID: AU-9 Protection Of Audit Information
Family: Audit and Accountability
Source: NIST 800-53r4
Control: The information system protects audit information and audit tools from unauthorized access, modification, and deletion.
Supplemental Guidance: Audit information includes all information (e.g., audit records, audit settings, and audit reports) needed to successfully audit information system activity. This control focuses on technical protection of audit information. Physical protection of audit information is addressed by media protection controls and physical and environmental protection controls.
Related Controls: AC-3, AC-6, MP-2, MP-4, PE-2, PE-3, PE-6
Control Enhancements:
(2) Protection Of Audit Information | Audit Backup On Separate Physical Systems / Components
The information system backs up audit records [Assignment: organization-defined frequency] onto a physically different system or system component than the system or component being audited.
Supplemental Guidance: This control enhancement helps to ensure that a compromise of the information system being audited does not also result in a compromise of the audit records.
Related Controls: AU-4, AU-5, AU-11

(3) Protection Of Audit Information | Cryptographic Protection
The information system implements cryptographic mechanisms to protect the integrity of audit information and audit tools.
Supplemental Guidance: Cryptographic mechanisms used for protecting the integrity of audit information include, for example, signed hash functions using asymmetric cryptography enabling distribution of the public key to verify the hash information while maintaining the confidentiality of the secret key used to generate the hash.
Related Controls: AU-10, SC-12, SC-13
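The signed-hash mechanism described in enhancement (3), as an added example that is not part of the NIST control text: a log segment is hashed, the digest is signed with a secret key, and anyone holding the public key can detect modification or deletion. The choice of Go, Ed25519, the SHA-256 hash chain, the function names and the sample records are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Constructed sample audit records (not from any real system).
var sampleRecords = []string{
	"2024-01-01T00:00:01Z user=alice action=login result=success",
	"2024-01-01T00:00:09Z user=alice action=sudo result=success",
	"2024-01-01T00:02:30Z user=alice action=logout result=success",
}

// chainDigest hash-chains the records: any edit, reorder or deletion changes the result.
func chainDigest(records []string) []byte {
	h := make([]byte, sha256.Size) // all-zero starting value (assumption)
	for _, r := range records {
		sum := sha256.Sum256(append(append([]byte{}, h...), r...))
		h = sum[:]
	}
	return h
}

// sealLog signs the chain digest; only the holder of the secret key can do this.
func sealLog(priv ed25519.PrivateKey, records []string) []byte {
	return ed25519.Sign(priv, chainDigest(records))
}

// verifyLog needs only the distributed public key.
func verifyLog(pub ed25519.PublicKey, records []string, sig []byte) bool {
	return ed25519.Verify(pub, chainDigest(records), sig)
}

// selfCheck verifies the sealed log intact, with one record altered, and truncated.
func selfCheck() (intact, modified, truncated bool) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	sig := sealLog(priv, sampleRecords)
	altered := append([]string{}, sampleRecords...)
	altered[1] = "2024-01-01T00:00:09Z user=alice action=sudo result=failure"
	return verifyLog(pub, sampleRecords, sig), verifyLog(pub, altered, sig),
		verifyLog(pub, sampleRecords[:2], sig)
}

func main() { fmt.Println(selfCheck()) }
```

The signature only helps if the secret key and the verifier's copy of the signature live off the audited system, which is the separation that enhancement (2) asks for.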
References: N/A
Mechanisms:
Protocol Implementation Conformance Statements: N/A