Description
The information system protects audit information and audit tools from unauthorized access, modification, and deletion.
Supplemental Guidance
Audit information includes all information (e.g., audit records, audit settings, and audit reports) needed to successfully audit information system activity.
Changes from Rev 4
Adds new alert for specified individuals or roles upon detection of unauthorized access, modification, or deletion of audit information.
New parameter supports specifying the individuals or roles to receive alerts.
Discussion reference to PII.
Enhancements
(1) The information system produces audit records on hardware-enforced, write-once media.
Compliance Mappings
ISO 27001:2022
7.5, A.8.15
ISO 27002:2022
5.28, 5.33, 8.15
CIS Controls v8
CIS 8
NIST CSF 2.0
RS.AN-06, RS.AN-07
SOC 2 TSC
PI1.4, PI1.5
PCI DSS v4.0.1
10.3
CSA CCM v4
IAM-12, LOG-02, LOG-04, LOG-09
CSA AICM v1
IAM-12, LOG-02, LOG-04, LOG-09
ISO 42001:2023
A.6.2.8
IEC 62443
3-3 SR 6.1
APRA CPS 234
Para 22-23
BSI IT-Grundschutz
OPS.1.1.5
ANSSI
Hygiene.29, SecNumCloud.13.7
FINMA Circular 2023/1
IV.B.d(59), IV.C(66), IV.C(67)
OSFI B-13
B-13.3.2, B-13.3.3
EU GDPR
Art.32(1)(b), Art.5(1)(f)
EU DORA
Art.10(1)
BIO2
5.28, 5.33, 8.15
RBI CSF
Annex1.16, ITGRCA.15
FISC Security Guidelines
FISC.O11
LGPD + BCB 4893
BCB.Art.15, BCB.Art.20, BCB.Art.3, BCB.Art.9, LGPD.Art.46
MLPS 2.0
8.1.3.5, 8.1.4.3, 8.1.5.2
DNB Good Practice
DNB.20.1
EU CRA
CRA.I.2f, CRA.I.2l
SWIFT CSCF
SWIFT.6.4
NCA ECC
2-12
UAE IA
T7
CBB TM
TM-12
Qatar NIA
OS
CBUAE
CR-3
CBE CSF
CD-1
SA JS2
JS2-7.3
CBN CSF
Part3.5
BoG CISD
CISD-VII
POPIA
s19
BoM CTRM
4.2
IOSCO Cyber Resilience
DET-1
CPMI-IOSCO PFMI
CG.DE
FFIEC IS
III.B
NYDFS 500
500.6
HIPAA Security Rule
§164.308(a)(1)(ii)(D), §164.312(b)
ECB CROE
CROE.2.4
EBA ICT Guidelines
3.4.5, 3.5(c)
SEBI CSCRF
DE.AU, RS.AN
BOT Cyber Resilience
Ch3.1
CMMC 2.0
AU
10 CFR 73.54
RG5.71-A-AU
IEEE 1686-2022
5.2
IAEA NSS 17-T
Sec 5.5
PCI PTS v6
L
Common Criteria
CC Part 2 — FAU
Solvency II
Pillar3-Reporting
Lloyd's Minimum Standards
MS8.12
NAIC Insurance Data Security
4-audit7
PRA SS1/23
P-IT.2
FCA SYSC 13
SYSC 13.G.4
HITRUST CSF v11
09.g, 11.c
FDA 21 CFR Part 11
§11.10(b), §11.10(e)
FDA Cybersecurity Guidance
SA-5
ISO 27799
12.4
CCSS v9.0
1.04.5, 1.05.2, 2.04.1, 2.04.2, 2.04.3
MiCA
Art.63(2), Art.82(1)
Basel SCO60
SCO60.23, SCO60.62, SCO60.66
BSSC Standards
TIS-07, KMS-09, GSP-12
SEC Custody (Digital Assets)
SEC-CD-05, SEC-CD-15, SEC-CD-16
ISO 17799 (legacy)
10.10.3, 15.1.3, 15.3.2
COBIT 4.1 (legacy)
None.