ACR-12.11v1.0

Access controls for audit data SHALL prevent unauthorized access while enabling legitimate review.

Domain

12 — Domain 12: Auditability and Transparency

Eval Method

AT+EIAT+EI

Risk Weight

4 / 10

Applicability

L1L2L3

Description#

Access controls for audit data SHALL prevent unauthorized access while enabling legitimate review.

Evaluation Method#

AT+EIAT+EI

Evaluation methodology as specified by the assigned method code.

v1.1 Details#

Profile Applicability

S,A,C

Evaluation Frequency

Annual

Platform Cert Eligible

Yes

Framework Crosswalk Refs

NIST SP 800-53 AU-9; ISO/IEC 27001 A.8.3

This is a conditional control. Non-compliance with this ACR may result in conditional certification with a mandated remediation period. The Authorized Verification Body will specify the remediation timeline and required evidence for the condition to be cleared. If remediation is not completed within the specified period, the conditional certification will be revoked.

← PreviousACR-12.10: Audit mechanisms SHALL NOT introduce performance degradation that affects system reliability.Next →ACR-12.12: The system SHALL provide transparency reports documenting system behavior trends, incident summaries

Access controls for audit data SHALL prevent unauthorized access while enabling legitimate review.

Description#

Evaluation Method#

v1.1 Details#

Classification#