AU-9(4)

  • Requirement

    Authorize access to management of audit logging functionality to only [Assignment: organization-defined subset of privileged users or roles].

  • Discussion

    Individuals or roles with privileged access to a system and who are also the subject of an audit by that system may affect the reliability of the audit information by inhibiting audit activities or modifying audit records. Requiring privileged access to be further defined between audit-related privileges and other privileges limits the number of users or roles with audit-related privileges.

More Info

  • Title

    Protection of Audit Information | Access by Subset of Privileged Users
  • Family

    Audit and Accountability
  • NIST 800-53B Baseline(s)

    • Moderate
    • High
  • Related NIST 800-53 ID

    AC-5

NIST 800-53A Assessment Guidance

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!