CCI-001575

The organization defines the system or system component for storing audit records that is a different system or system component than the system or component being audited.

Implementation Guidance

The organization being inspected/assessed defines and documents a system or storage media that will be used to store information system audit data different and separate from the system or media generating the audit data.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the information system or media documentation addressing the storage of backups of information system audit records; information system audit records; and any other relevant documents or records. The purpose of the reviews is to ensure the organization has defined and documented a system or storage media different from the system or media being audited.

Compelling Evidence

1.) Signed and dated audit and accountability policy 2.) Example of information system backs up audit records at least weekly onto a different system or media than the system being audited.

The controls below (if any) were marked by NIST as being related to CCI-001575.