Overview:
The information system backs up audit records [Assignment: organization-defined frequency] onto a physically different system or system component than the system or component being audited.
Supplemental Guidance:
This control enhancement helps to ensure that a compromise of the information system being audited does not also result in a compromise of the audit records.
Related controls: AU-4, AU-5, AU-11.
Action Items:
1) Ensures that audit records are backed up on a regular basis to an external source
Related Documents:
1) Audit and Accountability Policy
2) Logging and Monitoring Policy
3) Backup Policy
Additional Guidance:
Moderate FedRAMP-Defined Assignment / Selection Parameters
AU-9 (2) [at least weekly]
Moderate Additional FedRAMP Requirements and Guidance
none
Article ID: 621
Created: September 29, 2022
Last Updated: September 29, 2022
Author: Matthew Burdick
Online URL: http://www.compliancewiki.org/article/fedramp-audit-backup-on-separate-physical-systems-and-components-au-9-2-621.html