This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The information system backs up audit records [FedRAMP Assignment: (M)(H) at least weekly] onto a physically different system or system component than the system or component being audited.
NIST 800-53 (r4) Supplemental Guidance:
This control enhancement helps to ensure that a compromise of the information system being audited does not also result in a compromise of the audit records. Related controls: AU-4, AU-5, AU-11.
NIST 800-53 (r5) Discussion:
Storing audit records in a repository separate from the audited system or system component helps to ensure that a compromise of the system being audited does not also result in a compromise of the audit records. Storing audit records on separate physical systems or components also preserves the confidentiality and integrity of audit records and facilitates the management of audit records as an organization-wide activity. Storing audit records on separate systems or components applies to initial generation as well as backup or long-term storage of audit records.
38North Guidance:
Meets Minimum Requirement:
Audit logs need to be backed up at least weekly onto physically separate Cloud Service Offering (CSO) systems or components.
Best Practice:
Audit logs need to be backed up on different physical system components, preferably in different regions or zones if storage is hosted in Amazon S3 buckets, etc.
Audit logs that are stored in an on-premise solution need to be backed up offsite to a secondary on-premise solution.
Unofficial FedRAMP Guidance: None
Assessment Evidence:
Screenshots of the storage solution for audit information verifying that audit information is backed up at least on a weekly basis.
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD