Audit information is not kept in the control of the systems
about which the information applies. For example, audit information may be
immediately transmitted to a separate computer for storage and analysis, a
trusted computing base may separate the information from the areas that
generate it, or audit information may be written to a write-once output
device to assure against subsequent corruption or destruction.
Complexity: This is not complex to accomplish with a reasonable degree of
assurance, however, under high load conditions, such mechanisms often fail.
fc@red.a.net