>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

AU.L2-3.3.8Audit Protection

Level 2
800-171: 3.3.8

>Control Description

Protect audit information and audit logging tools from unauthorized access, modification, and deletion.

>Cross-Framework Mappings

NIST SP 800-171

3.3.8
Compare

SCF

MON-02
Compare
MON-03.1
Compare
MON-08
Compare

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What is your policy for protecting audit information from unauthorized access?
  • How do you govern access to audit logs and audit logging tools?
  • What procedures are in place for audit log backup and protection?
  • Who is authorized to access or modify audit configurations?

Technical Implementation:

  • What technical mechanisms protect audit logs from unauthorized access?
  • How do you implement read-only access to audit logs?
  • What encryption protects audit logs at rest and in transit?
  • How are audit logs backed up and protected?
  • What access controls restrict who can view or modify audit logs?

Evidence & Documentation:

  • What audit logging configuration documentation can you provide?
  • What sample audit logs demonstrate required events are logged?
  • What audit log review documentation shows periodic review?
  • What SIEM screenshots show audit log aggregation and analysis?
  • What audit retention documentation shows logs are retained per policy?
  • What evidence shows audit logs are protected from modification?

Ask AI

Configure your API key to use AI features.