Navigate

CCI-001898

CCI-001898 Definition

Authorize read-only access to audit information to an organization-defined subset of privileged users or roles.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed authorizes read only access to audit information to only the subset of privileged users defined in AU-9 (6), CCI 1897.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documentation of read only access authorizations for audit information to ensure only the subset of privileged users defined in AU-9 (6), CCI 1897 have been granted access authorization.

Compelling Evidence

1.) List of privileged users who will be authorized read-only access to the management of audit functionality

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001898.

Control	Description
AU-9(6)	The organization authorizes read-only access to audit information to [organization-defined subset of privileged users].