πΌ AU-9 Protection of Audit Information (L)(M)(H)
- Contextual name: πΌ AU-9 Protection of Audit Information (L)(M)(H)
- ID:
/frameworks/fedramp-high-security-controls/au/09 - Located in: πΌ Audit and Accountability
Descriptionβ
a. Protect audit information and audit logging tools from unauthorized access, modification, and deletion; and
b. Alert [Assignment: organization-defined personnel or roles] upon detection of unauthorized access, modification, or deletion of audit information.
Similarβ
- Sections
/frameworks/nist-sp-800-53-r5/au/09
- Internal
- ID:
dec-c-55f963cc
- ID:
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ NIST SP 800-53 Revision 5 β πΌ AU-9 Protection of Audit Information | 7 | 2 | 4 |
Similar Sections (Give Policies To)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ FedRAMP Low Security Controls β πΌ AU-9 Protection of Audit Information (L)(M)(H) | 10 | |||
| πΌ FedRAMP Moderate Security Controls β πΌ AU-9 Protection of Audit Information (L)(M)(H) | 1 | 10 |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ AU-9(2) Store on Separate Physical Systems or Components (H) | ||||
| πΌ AU-9(3) Cryptographic Protection (H) | ||||
| πΌ AU-9(4) Access by Subset of Privileged Users (M)(H) |
Policies (10)β
| Policy | Logic Count | Flags |
|---|---|---|
| π AWS CloudTrail is not encrypted with KMS CMK π’ | 1 | π’ x6 |
| π AWS CloudTrail Log File Validation is not enabled π’ | 1 | π’ x6 |
| π Azure Diagnostic Setting for Azure Key Vault is not enabled π’ | π’ x3 | |
| π Azure Subscription Activity Log Alert for Create or Update Network Security Group does not exist π’ | 1 | π’ x6 |
| π Azure Subscription Activity Log Alert for Create or Update Security Solution does not exist π’ | 1 | π’ x6 |
| π Azure Subscription Activity Log Alert for Create Policy Assignment does not exist π’ | 1 | π’ x6 |
| π Azure Subscription Activity Log Alert for Delete Network Security Group does not exist π’ | 1 | π’ x6 |
| π Azure Subscription Activity Log Alert for Delete Policy Assignment does not exist π’ | 1 | π’ x6 |
| π Azure Subscription Activity Log Alert for Delete Security Solution does not exist π’ | 1 | π’ x6 |
| π Azure Subscription Security Alert Notifications to subscription owners are not configured π’ | 1 | π’ x6 |
Internal Rulesβ
| Rule | Policies | Flags |
|---|---|---|
| βοΈ dec-x-20c9ef83 | 1 | |
| βοΈ dec-x-351e376f | 1 | |
| βοΈ dec-x-79579ed7 | 1 | |
| βοΈ dec-x-9002886f | 1 | |
| βοΈ dec-x-b1e1a494 | 1 | |
| βοΈ dec-x-b2ce0ca1 | 1 | |
| βοΈ dec-x-c397d3ca | 2 | |
| βοΈ dec-x-dc359e59 | 1 |