au-9(1)

protection of audit information | hardware write-once media

assessment objective:

Determine if the information system writes audit trails to hardware-enforced, write-once media.

potential assessment methods and objects:

Examine: [select from: Audit and accountability policy; access control policy and procedures; procedures addressing protection of audit information; information system design documentation; information system hardware settings; information system configuration settings and associated documentation; information system storage media; information system audit records; other relevant documents or records].

Interview: [select from:  Organizational personnel with audit and accountability responsibilities; organizational personnel with information security responsibilities; system/network administrators; system developers].

Test: [select from: Information system media storing audit trails].