AU-09 Protection of Audit Information
a. Protect audit information and audit logging tools from unauthorized access, modification, and deletion; and
b. Alert au-09_odp upon detection of unauthorized access, modification, or deletion of audit information.
| Parameter ID | Definition |
|---|---|
| au-09_odp | personnel or roles |
Baselines
- L
- M
- H
- P
Guidance
Audit information includes all information needed to successfully audit system activity, such as audit records, audit log settings, audit reports, and personally identifiable information. Audit logging tools are those programs and devices used to conduct system audit and logging activities. Protection of audit information focuses on technical protection and limits the ability to access and execute audit logging tools to authorized individuals. Physical protection of audit information is addressed by both media protection controls and physical and environmental protection controls.
References
- FIPS 140-3 National Institute of Standards and Technology (2019) Security Requirements for Cryptographic Modules. (U.S. Department of Commerce, Washington, D.C.), Federal Information Processing Standards Publication (FIPS) 140-3.
- FIPS 180-4 National Institute of Standards and Technology (2015) Secure Hash Standard (SHS). (U.S. Department of Commerce, Washington, D.C.), Federal Information Processing Standards Publication (FIPS) 180-4.
- FIPS 202 National Institute of Standards and Technology (2015) SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions. (U.S. Department of Commerce, Washington, D.C.), Federal Information Processing Standards Publication (FIPS) 202.
Control Enhancements
- AU-09(01) Hardware Write-once Media L M H P
- AU-09(02) Store on Separate Physical Systems or Components L M H P
- AU-09(03) Cryptographic Protection L M H P
- AU-09(04) Access by Subset of Privileged Users L M H P
- AU-09(05) Dual Authorization L M H P
- AU-09(06) Read-only Access L M H P
- AU-09(07) Store on Component with Different Operating System L M H P
Related controls
- AC-03 Access Enforcement L M H P
- AC-06 Least Privilege L M H P
- AU-06 Audit Record Review, Analysis, and Reporting L M H P
- AU-11 Audit Record Retention L M H P
- AU-14 Session Audit L M H P
- AU-15 Alternate Audit Logging Capability
- MP-02 Media Access L M H P
- MP-04 Media Storage L M H P
- PE-02 Physical Access Authorizations L M H P
- PE-03 Physical Access Control L M H P
- PE-06 Monitoring Physical Access L M H P
- SA-08 Security and Privacy Engineering Principles L M H P
- SC-08 Transmission Confidentiality and Integrity L M H P
- SI-04 System Monitoring L M H P