This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization authorizes access to management of audit functionality to only [Assignment: organization-defined subset of privileged users].
NIST 800-53 (r4) Supplemental Guidance:
Individuals with privileged access to an information system and who are also the subject of an audit by that system, may affect the reliability of audit information by inhibiting audit activities or modifying audit records. This control enhancement requires that privileged access be further defined between audit-related privileges and other privileges, thus limiting the users with audit-related privileges. Related control: AC-5.
NIST 800-53 (r5) Discussion:
Individuals or roles with privileged access to a system and who are also the subject of an audit by that system may affect the reliability of the audit information by inhibiting audit activities or modifying audit records. Requiring privileged access to be further defined between audit-related privileges and other privileges limits the number of users or roles with audit-related privileges.
38North Guidance:
Meets Minimum Requirement:
The Cloud Service Provider (CSP) is required to authorize access to management of audit functionality to only the organization-defined subset of users [should be defined within the audit and accountability policy and procedures]. This requirement is typically implemented with strong access control measures for users and roles of the Cloud Security Offering (CSO).
Best Practice:
Enforce strict permissions on the users and roles that can manage audit functionality on systems, such as turning logging on and off, configuring logging, and copying audit logs.
Ensure that separation of duties is enforced for who can perform which functions, both on system components in general and on the components where audit information is collected and stored.
Unofficial FedRAMP Guidance: None
Assessment Evidence:
Screenshots or a listing of the permissions of users who have access to audit logs, verifying that separation of duties is being enforced.
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD