AU-9 (2) - Store on Separate Physical Systems or Components
Control requirements
AU-9 (2) - 0
Store audit records [IBM Assignment: at least weekly] in a repository that is part of a physically different system or system component than the system or component being audited.
NIST supplemental guidance
Storing audit records in a repository separate from the audited system or system component helps to ensure that a compromise of the system being audited does not also result in a compromise of the audit records. Storing audit records on separate physical systems or components also preserves the confidentiality and integrity of audit records and facilitates the management of audit records as an organization-wide activity. Storing audit records on separate systems or components applies to initial generation as well as backup or long-term storage of audit records.