AU-9(7)—Store On Component With Different Operating System
>Control Description
Store audit information on a component running a different operating system than the system or component being audited.
>Supplemental Guidance
Storing auditing information on a system component running a different operating system reduces the risk of a vulnerability specific to the system, resulting in a compromise of the audit records.