AU-09 Protection Of Audit Information

Control: The information system protects audit information and audit tools from unauthorized access, modification, and deletion.

Supplemental Guidance: Audit information includes all information (e.g., audit records, audit settings, and audit reports) needed to successfully audit information system activity.

Control Enhancements: (1) The information system produces audit records on hardware-enforced, write-once media.

Baseline: LOW AU-9 MOD AU-9 HIGH AU-9

Family: Audit And Accountability

Class: Technical

ISO 17799 mapping: 10.10.3, 15.1.3, 15.3.2

COBIT 4.1 mapping: None.

PCI-DSS v2 mapping: 10.5