AU-9(6)
-
Requirement
Authorize read-only access to audit information to [Assignment: organization-defined subset of privileged users or roles].
-
Discussion
Restricting privileged user or role authorizations to read-only helps to limit the potential damage to organizations that could be initiated by such users or roles, such as deleting audit records to cover up malicious activity.
NIST 800-53A Assessment Guidance
CMMC Training
Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!