This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The information system implements cryptographic mechanisms to protect the integrity of audit information and audit tools.
NIST 800-53 (r4) Supplemental Guidance:
Cryptographic mechanisms used for protecting the integrity of audit information include, for example, signed hash functions using asymmetric cryptography enabling distribution of the public key to verify the hash information while maintaining the confidentiality of the secret key used to generate the hash. Related controls: AU-10, SC-12, SC-13.
NIST 800-53 (r5) Discussion:
Cryptographic mechanisms used for protecting the integrity of audit information include signed hash functions using asymmetric cryptography. This enables the distribution of the public key to verify the hash information while maintaining the confidentiality of the secret key used to generate the hash.
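The signed-hash mechanism described above, as an added example that is not part of the NIST text or of 38North's guidance: audit records are folded into a SHA-256 hash chain and the chain head is signed, so a holder of the public key can detect an edited, truncated or reordered log without ever seeing the private key. The choice of Ed25519, the function names and the sample records are assumptions made for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// chainHead computes h_i = SHA-256(h_{i-1} || record_i); any edit, drop or reorder changes it.
func chainHead(records []string) []byte {
	head := make([]byte, sha256.Size)
	for _, r := range records {
		sum := sha256.Sum256(append(head, r...))
		head = sum[:]
	}
	return head
}

// SealLog signs the chain head where the private key is held; VerifyLog needs only the public key.
func SealLog(priv ed25519.PrivateKey, records []string) []byte {
	return ed25519.Sign(priv, chainHead(records))
}

func VerifyLog(pub ed25519.PublicKey, records []string, sig []byte) bool {
	return ed25519.Verify(pub, chainHead(records), sig)
}

// NewKeyPair makes a throwaway demo key; a real signing key would sit in a KMS or HSM (assumption).
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// sampleRecords are constructed audit lines, not real log data.
var sampleRecords = []string{
	"2024-01-01T00:00:01Z user=alice action=login result=success",
	"2024-01-01T00:00:09Z user=alice action=read object=audit-config",
	"2024-01-01T00:00:17Z user=alice action=logout",
}

func main() {
	pub, priv := NewKeyPair()
	sig := SealLog(priv, sampleRecords)
	fmt.Println("intact log verifies:", VerifyLog(pub, sampleRecords, sig))
	fmt.Println("truncated log verifies:", VerifyLog(pub, sampleRecords[:2], sig))
}
```

The signature and public key should be stored apart from the log itself, so that write access to the log store alone is not enough to re-seal altered records.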
38North Guidance:
Meets Minimum Requirement:
The organization is required to use cryptographic mechanisms to protect the integrity of audit information and audit tools for the Cloud Security Offering (CSO).
Best Practice:
Strong encryption must be configured for any cloud-based storage, at a minimum of FIPS 140-2 or FIPS 140-3 level encryption.
On-premises storage solutions must have encryption enabled on the storage devices, at a minimum of FIPS 140-2 or FIPS 140-3 level encryption.
Unofficial FedRAMP Guidance: None
Assessment Evidence:
Screenshots of the encryption settings for the locations where audit information is stored.
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD