AU-9(6)

  • Requirement

    Authorize read-only access to audit information to [Assignment: organization-defined subset of privileged users or roles].

  • Discussion

    Restricting privileged user or role authorizations to read-only helps to limit the potential damage to organizations that could be initiated by such users or roles, such as deleting audit records to cover up malicious activity.

More Info

  • Title

    Protection of Audit Information | Read-only Access
  • Family

    Audit and Accountability
  • NIST 800-53B Baseline(s)

    • Related NIST 800-53 ID

    NIST 800-53A Assessment Guidance

    CMMC Training

    Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!