Description
The information system protects audit information and audit tools from unauthorized access, modification, and deletion.\n
Supplemental Guidance
Audit information includes all information (e.g., audit records, audit settings, and audit reports) needed to successfully audit information system activity.\n
Changes from Rev 4
Adds new alert for specified individuals or roles upon detection of unauthorized access, modification, or deletion of audit information New parameter supports specifying the individuals or roles to receive alerts Discussion reference to PII
Enhancements
(1) The information system produces audit records on hardware-enforced, write-once media.\n
Compliance Mappings
ISO 27002:2022
8.15
SOC 2 TSC
PI1.4PI1.5
ISO 17799 (legacy)
10.10.315.1.315.3.2
COBIT 4.1 (legacy)
None.