Navigate

CCI-003831

CCI-003831 Definition

Alert organization-defined personnel or roles upon detection of unauthorized access, modification, or deletion of audit information.

Status
Type	CheckType.technical

Master Assessment Datasheet

Implementation Guidance

Determine if [AU-09_ODP; personnel or roles to be alerted upon detection of unauthorized access, modification, or deletion of audit information is/are defined] are alerted upon detection of unauthorized access, modification, or deletion of audit information.

Validation Procedures

Examine: [SELECT FROM: Audit and accountability policy; system security plan; privacy plan; access control policy and procedures; procedures addressing protection of audit information; system design documentation; system configuration settings and associated documentation; system audit records; audit tools; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with audit and accountability responsibilities; organizational personnel with information security and privacy responsibilities; system/network administrators; system developers]. Test: [SELECT FROM: Mechanisms implementing audit information protection].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003831.

Control	Description
AU-9	a: Protect audit information and audit logging tools from unauthorized access, modification, and deletion; and b: Alert [personnel or roles to be alerted upon detection of unauthorized access, modification, or deletion of audit information is/are defined;] upon detection of unauthorized access, modification, or deletion of audit information.