NIST 800-53 REV 5 • SYSTEM AND INFORMATION INTEGRITY

SI-4(8) Protection of Monitoring Information

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Practitioner Notes

Protect the integrity and availability of your monitoring information — if an attacker can delete or alter your logs, they can cover their tracks.

Example 1: Send logs to a write-once storage location (WORM storage or immutable blob storage in Azure) where they cannot be modified or deleted, even by administrators. This ensures forensic evidence is preserved.

Example 2: Configure your SIEM to alert if log collection stops from any source. If a server suddenly stops sending logs, it could mean the server is down — or it could mean an attacker disabled logging. Either way, you need to investigate immediately.
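A sketch of the silence check behind Example 2, added here as an illustration and not taken from any SIEM product or from the original page. The host names, thresholds and sample events are constructed assumptions. The check runs from an inventory of expected sources, because a source with logging disabled produces no event to alert on.

```python
from datetime import datetime, timedelta, timezone

# Constructed inventory: source name -> maximum tolerated silence.
# Hypothetical hosts and thresholds, not from the original page.
EXPECTED_SOURCES = {
    "web01": timedelta(minutes=5),
    "db01": timedelta(minutes=5),
    "dc01": timedelta(minutes=2),
    "fw-edge": timedelta(minutes=1),
}

# Constructed sample of (receive time, source) pairs as a collector might record them.
SAMPLE_EVENTS = [
    ("2024-05-01T12:00:10+00:00", "web01"),
    ("2024-05-01T12:03:40+00:00", "web01"),
    ("2024-05-01T11:40:00+00:00", "db01"),
    ("2024-05-01T12:04:30+00:00", "fw-edge"),
]


def last_seen(events):
    """Return the most recent receive time per source."""
    seen = {}
    for ts, source in events:
        when = datetime.fromisoformat(ts)
        if source not in seen or when > seen[source]:
            seen[source] = when
    return seen


def silent_sources(events, expected, now):
    """List (source, reason) for every expected source that has gone quiet."""
    seen = last_seen(events)
    alerts = []
    for source, max_gap in sorted(expected.items()):
        if source not in seen:
            # In the inventory but absent from the stream: onboarding gap or tampering.
            alerts.append((source, "never reported"))
        elif now - seen[source] > max_gap:
            gap = int((now - seen[source]).total_seconds() // 60)
            alerts.append((source, f"silent for {gap} min"))
    return alerts


if __name__ == "__main__":
    now = datetime(2024, 5, 1, 12, 5, 0, tzinfo=timezone.utc)
    for source, reason in silent_sources(SAMPLE_EVENTS, EXPECTED_SOURCES, now):
        print(f"ALERT {source}: {reason}")
```

Per-source thresholds matter: a firewall that is quiet for a minute is more suspicious than a batch server that is quiet for five.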