Navigate

AU-9(3)

AU-9(3): Cryptographic Protection

Implement cryptographic mechanisms to protect the integrity of audit information and audit tools.

Supplemental

Cryptographic mechanisms used for protecting the integrity of audit information include signed hash functions using asymmetric cryptography. This enables the distribution of the public key to verify the hash information while maintaining the confidentiality of the secret key used to generate the hash.

CIA Levels
Confidentiality	unknown
Integrity	high
Availability	unknown

Overlays
DAF Baseline, Privacy (high), Privacy (moderate)

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to AU-9(3).

Control	Description
AU-10	Provide irrefutable evidence that an individual (or process acting on behalf of an individual) has performed [actions to be covered by non-repudiation are defined;].
SC-12	Establish and manage cryptographic keys when cryptography is employed within the system in accordance with the following key management requirements: [requirements for key generation, distribution, storage, access, and destruction are defined;].
SC-13	a: Determine the [cryptographic uses are defined;] ; and b: Implement the following types of cryptography required for each specified cryptographic use: [types of cryptography for each specified cryptographic use are defined;].

Enhancements

The controls below (if any) add on to the requirements of AU-9(3).

Control	Description
No controls

Related CCIs

The CCIs below are tied to AU-9(3).

CCI	Definition
CCI-001350	Implement cryptographic mechanisms to protect the integrity of audit information.
CCI-001496	Implement cryptographic mechanisms to protect the integrity of audit tools.