Applications are typically designed to incorporate their audit logs into the auditing sub-system hosted by the operating system. However, in some instances application developers may decide to forego the audit capabilities offered by the operating system and maintain application audit logs separately.
The protection of audit records from unauthorized or accidental deletion or modification requires that information systems be able to produce audit records on hardware-enforced write-once media.
Applications that do not write audit records to a resource (e.g., underlying OS or separate system) that is capable of producing audit records on hardware-enforced, write-once media must provide the capability to do so. This requirement is related to backup of records and not real-time creation of audit records.
Examples of such hardware devices include, but are not limited to, CD-R or DVD-R.
|