💼 AU-9 Protection of Audit Information (L)(M)(H)

Description

a. Protect audit information and audit logging tools from unauthorized access, modification, and deletion; and

b. Alert [Assignment: organization-defined personnel or roles] upon detection of unauthorized access, modification, or deletion of audit information.

Section	Sub Sections	Internal Rules	Policies	Flags
💼 NIST SP 800-53 Revision 5 → 💼 AU-9 Protection of Audit Information	7	2	4

Section	Sub Sections	Internal Rules	Policies	Flags
💼 FedRAMP Low Security Controls → 💼 AU-9 Protection of Audit Information (L)(M)(H)			10
💼 FedRAMP Moderate Security Controls → 💼 AU-9 Protection of Audit Information (L)(M)(H)	1		10

Section	Sub Sections	Internal Rules	Policies	Flags
💼 AU-9(2) Store on Separate Physical Systems or Components (H)
💼 AU-9(3) Cryptographic Protection (H)
💼 AU-9(4) Access by Subset of Privileged Users (M)(H)

Policy	Logic Count	Flags
📝 AWS CloudTrail is not encrypted with KMS CMK 🟢	1	🟢 x6
📝 AWS CloudTrail Log File Validation is not enabled 🟢	1	🟢 x6
📝 Azure Diagnostic Setting for Azure Key Vault is not enabled 🟢		🟢 x3
📝 Azure Subscription Activity Log Alert for Create or Update Network Security Group does not exist 🟢	1	🟢 x6
📝 Azure Subscription Activity Log Alert for Create or Update Security Solution does not exist 🟢	1	🟢 x6
📝 Azure Subscription Activity Log Alert for Create Policy Assignment does not exist 🟢	1	🟢 x6
📝 Azure Subscription Activity Log Alert for Delete Network Security Group does not exist 🟢	1	🟢 x6
📝 Azure Subscription Activity Log Alert for Delete Policy Assignment does not exist 🟢	1	🟢 x6
📝 Azure Subscription Activity Log Alert for Delete Security Solution does not exist 🟢	1	🟢 x6
📝 Azure Subscription Security Alert Notifications to subscription owners are not configured 🟢	1	🟢 x6