AU-9 (6)
AU-9 (6) Description
The organization authorizes read-only access to audit information to [Assignment: organization-defined subset of privileged users].
Supplemental
Restricting privileged user authorizations to read-only helps to limit the potential damage to organizations that could be initiated by such users (e.g., deleting audit records to cover up malicious activity).
CIA Levels | |
---|---|
Confidentiality | unknown |
Integrity | unknown |
Availability | unknown |
Overlays |
---|
Cross Domain (Access), Cross Domain (Multilevel), Cross Domain (Transfer), Int-A, Int-B, Int-C, NC3 |