AU-09-727 Protection of Audit Information

Protection of Audit Information

AU-09-727
Protection of Audit Information
Audit and Accountability
Protect
Media, Security Monitoring and Event Analysis
LOW, MOD, HIGH
P1
Yes
August 18, 2016

All Agency-owned information resources shall adopt Center for Internet Security (CIS) Benchmarks Level I standards for audit information protection policies where possible. In the event a benchmark is not available, write access to audit logs shall be restricted to administrators, at a minimum.

Failure to restrict access to logging facilities and log information may result in unauthorized access, log information tampering and loss of user activity evidence.
The information system protects audit information and audit tools from unauthorized access, modification, and deletion.
Logging mechanisms and tools are not available to general users for modification.
The information system protects audit information and audit tools from unauthorized access, modification, and deletion.
Obtain audit and accountability policy; procedures addressing protection of audit information; access control policy and procedures; information system design documentation; information system configuration settings and associated documentation; information system audit records; audit tools; other relevant documents or records and ascertain if the information system protects audit information and audit tools from unauthorized access, modification, and deletion.