NIST 800-53 r5 · Controls catalogue · Family AU
AU-9Protection of Audit Information
Protect audit information and audit logging tools from unauthorized access, modification, and deletion; and Alert {{ insert: param, au-09_odp }} upon detection of unauthorized access, modification, or deletion of audit information.
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (1)
- aws-config-cloud-trail-log-file-validation-enabled CloudTrail log file validation is enabled AWS::CloudTrail::Trail partial
ATT&CK techniques this control mitigates (0)
- No ATT&CK techniques mapped to this control yet.
Weaknesses this control addresses (3)AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | 10,204 | Protecting audit information prevents exposure of sensitive data contained within logs to unauthorized actors. |
CWE-284 | Improper Access Control | 4,832 | The control directly enforces access controls to prevent unauthorized access, modification, or deletion of audit information and tools. |
CWE-732 | Incorrect Permission Assignment for Critical Resource | 1,824 | Audit logs and logging tools are critical resources whose protection requires correct permission assignments to block unauthorized actions. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
CVE-2025-27682 | 2.0 | 9.8 | 0.0021 | good |
CVE-2024-13513 | 2.0 | 9.8 | 0.0015 | good |
CVE-2026-4788 | 1.7 | 8.4 | 0.0001 | good |
CVE-2025-22960 | 1.6 | 8.0 | 0.0026 | good |
CVE-2026-28261 | 1.6 | 7.8 | 0.0001 | good |
CVE-2024-57957 | 1.3 | 6.6 | 0.0010 | good |
CVE-2025-13315 | 6.9 | 9.8 | 0.8288 | good |
CVE-2024-48852 | 2.0 | 9.4 | 0.0270 | good |
CVE-2025-30424 | 2.0 | 9.8 | 0.0070 | good |
CVE-2025-11008 | 2.0 | 9.8 | 0.0021 | good |
CVE-2026-0905 | 2.0 | 9.8 | 0.0003 | good |
CVE-2024-52975 | 1.8 | 9.0 | 0.0034 | good |
CVE-2026-23493 | 1.7 | 8.6 | 0.0000 | good |
CVE-2026-22038 | 1.6 | 8.1 | 0.0011 | good |
CVE-2024-8474 | 1.6 | 7.5 | 0.0084 | partial |
CVE-2026-23775 | 1.5 | 7.6 | 0.0002 | good |
CVE-2025-67223 | 1.5 | 7.5 | 0.0015 | good |
CVE-2026-4276 | 1.5 | 7.5 | 0.0007 | good |
CVE-2025-1075 | 1.5 | 7.5 | 0.0021 | good |
CVE-2025-26495 | 1.5 | 7.5 | 0.0012 | good |
CVE-2026-34487 | 1.5 | 7.5 | 0.0008 | good |
CVE-2026-34969 | 1.5 | 7.5 | 0.0005 | partial |
CVE-2025-24169 | 1.5 | 7.5 | 0.0004 | partial |
CVE-2025-24556 | 1.5 | 7.5 | 0.0006 | good |
CVE-2019-25605 | 1.5 | 7.5 | 0.0004 | good |