Navigate

AU-9 (3)

AU-9 (3): Cryptographic Protection

The information system implements cryptographic mechanisms to protect the integrity of audit information and audit tools.

Supplemental

Cryptographic mechanisms used for protecting the integrity of audit information include, for example, signed hash functions using asymmetric cryptography enabling distribution of the public key to verify the hash information while maintaining the confidentiality of the secret key used to generate the hash.

CIA Levels
Confidentiality	unknown
Integrity	high
Availability	unknown

Overlays
Privacy (High), Privacy (Mod), Privacy (PHI)

Related Controls

The controls below (if any) were marked by NIST as being related to AU-9 (3).

Control	Description
AU-10	The information system protects against an individual (or process acting on behalf of an individual) falsely denying having performed [Assignment: organization-defined actions to be covered by non-repudiation].
SC-12	The organization establishes and manages cryptographic keys for required cryptography employed within the information system in accordance with [Assignment: organization-defined requirements for key generation, distribution, storage, access, and destruction].
SC-13	The information system implements [Assignment: organization-defined cryptographic uses and type of cryptography required for each use] in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.

Enhancements

The controls below (if any) add on to the requirements of AU-9 (3).

Control	Description
No controls

Related CCIs

The CCIs below are tied to AU-9 (3).

CCI	Definition
CCI-001350	The information system implements cryptographic mechanisms to protect the integrity of audit information.
CCI-001496	The information system implements cryptographic mechanisms to protect the integrity of audit tools.