|
controlAU-9
Protection of Audit Information (AU-9)
Protect audit information and audit logging tools from unauthorized access, modification, and deletion; and Alert [organization-defined] upon detection of unauthorized access, modification, or deletion of audit information.
Security Baselines
LOWMODERATEHIGH
auditaccountabilitylogging
Why These Connect
Baselined In3
This control is included in the linked security baseline (LOW, MODERATE, or HIGH).
Supports29
These related controls work together — a change to one may affect the others.
Mitigates1
This control helps defend against or reduce the risk of the linked threat technique.
Enhances7
These enhancements add specific capabilities or refinements to the base control.
Related Controls(21)
AC-3Access Enforcement (AC-3)
LMH
AC-5Separation of Duties (AC-5)MH
AU-4Audit Log Storage Capacity (AU-4)LMH
AU-5Response to Audit Logging Process Failures (AU-5)LMH
AC-6Least Privilege (AC-6)MH
AU-6Audit Record Review, Analysis, and Reporting (AU-6)LMH
AU-11Audit Record Retention (AU-11)LMH
AU-14Session Audit (AU-14)AU-15Alternate Audit Logging Capability (AU-15)MP-2Media Access (MP-2)LMH
MP-4Media Storage (MP-4)MH
PE-2Physical Access Authorizations (PE-2)LMH
PE-3Physical Access Control (PE-3)LMH
PE-6Monitoring Physical Access (PE-6)LMH
SA-8Security and Privacy Engineering Principles (SA-8)LMH
SC-8Transmission Confidentiality and Integrity (SC-8)MH
SI-4System Monitoring (SI-4)LMH
AU-10Non-repudiation (AU-10)H
SC-12Cryptographic Key Establishment and Management (SC-12)LMH
SC-13Cryptographic Protection (SC-13)LMH
SC-29Heterogeneity (SC-29)Threat Coverage(1 ATT&CK techniques)
Control Enhancements(7)
AU-9(1)Hardware Write-once Media (AU-9(1))AU-9(2)Store on Separate Physical Systems or Components (AU-9(2))
H
AU-9(3)Cryptographic Protection (AU-9(3))H
AU-9(4)Access by Subset of Privileged Users (AU-9(4))MH
AU-9(5)Dual Authorization (AU-9(5))AU-9(6)Read-only Access (AU-9(6))AU-9(7)Store on Component with Different Operating System (AU-9(7))