10.5.1 Limit viewing of audit trails to those with a job-related need

10.5.1 Limit viewing of audit trails to those with a job-related need.

10.5.1 Only individuals who have a job-related need can view audit trail files.

Adequate protection of the audit logs includes strong access control (limit access to logs based on “need to know” only), and use of physical or network segregation to make the logs harder to find and modify.

Promptly backing up the logs to a centralized log server or media that is difficult to alter keeps the logs protected even if the system generating the logs becomes compromised.