AU-9

Audit and AccountabilityRev 5system

Protection of Audit Information

Baselines:LowModerateHigh

Control Statement

a. Protect audit information and audit logging tools from unauthorized access, modification, and deletion; and b. Alert [Assignment: personnel or roles] upon detection of unauthorized access, modification, or deletion of audit information.

Supplemental Guidance

Audit information includes all information needed to successfully audit system activity, such as audit records, audit log settings, audit reports, and personally identifiable information. Audit logging tools are those programs and devices used to conduct system audit and logging activities. Protection of audit information focuses on technical protection and limits the ability to access and execute audit logging tools to authorized individuals. Physical protection of audit information is addressed by both media protection controls and physical and environmental protection controls.

Related Controls (14)

AC-3 AC-6 AU-6 AU-11 AU-14 AU-15 MP-2 MP-4 PE-2 PE-3 PE-6 SA-8 SC-8 SI-4

CCI Identifiers (8)

CCI-000162Protect audit information from unauthorized access.CCI-000163Protect audit information from unauthorized modification.CCI-000164Protect audit information from unauthorized deletion.CCI-001493Protect audit tools from unauthorized access.CCI-001494Protect audit tools from unauthorized modification.CCI-003831Alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information.CCI-003832Defines the personnel or roles to be alerted upon detection of unauthorized access, modification, or deletion of audit information.CCI-001495Protect audit tools from unauthorized deletion.

Linked STIG Checks (200)

Across 35 STIGs. Click to expand.