Navigate

CCI-003832

CCI-003832 Definition

Defines the personnel or roles to be alerted upon detection of unauthorized access, modification, or deletion of audit information.

Status
Type	CheckType.technical

Master Assessment Datasheet

Implementation Guidance

Determine if [AU-09_ODP; personnel or roles to be alerted upon detection of unauthorized access, modification, or deletion of audit information is/are defined] are alerted upon detection of unauthorized access, modification, or deletion of audit information.

Validation Procedures

Examine: [SELECT FROM: Audit and accountability policy; system security plan; privacy plan; access control policy and procedures; procedures addressing protection of audit information; system design documentation; system configuration settings and associated documentation; system audit records; audit tools; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with audit and accountability responsibilities; organizational personnel with information security and privacy responsibilities; system/network administrators; system developers]. Test: [SELECT FROM: Mechanisms implementing audit information protection].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003832.

Control	Description
AU-9	a: Protect audit information and audit logging tools from unauthorized access, modification, and deletion; and b: Alert [personnel or roles to be alerted upon detection of unauthorized access, modification, or deletion of audit information is/are defined;] upon detection of unauthorized access, modification, or deletion of audit information.