Skip to Content

FedRAMP - Audit Backup on Separate Physical Systems and Components AU-9(2)

621  Matthew Burdick September 29, 2022  Audit and Accountability (AU)

Overview:
The information system backs up audit records [Assignment: organization-defined frequency] onto a physically different system or system component than the system or component being audited.


Supplemental Guidance:
This control enhancement helps to ensure that a compromise of the information system being audited does not also result in a compromise of the audit records.


Related controls: AU-4, AU-5, AU-11.


Action Items:
1) Ensures that audit records are backed up on a regular basis to an external source

 

Related Documents:
1) Audit and Accountability Policy

2) Logging and Monitoring Policy

3) Backup Policy


Additional Guidance:
Moderate FedRAMP-Defined Assignment / Selection Parameters
AU-9 (2) [at least weekly]


Moderate Additional FedRAMP Requirements and Guidance
none
Not Rated
Secure Code