According to requirement 10.5, what must be done to audit trails?

To ensure the integrity and reliability of audit trails, it is essential that they are secured so that they cannot be altered. This requirement is critical because audit trails serve as an important mechanism for tracking access and activities within a system, especially in maintaining compliance with security standards. If audit trails are susceptible to alteration, this can undermine their validity and the overall security posture of the organization.

By securing audit trails, organizations can ensure that they provide an accurate and immutable record of events, which can be crucial during investigations of security incidents or breaches. This protects against unauthorized tampering or manipulation that could obscure accountability.

The other options do not align with the fundamental purpose of audit trails. For instance, color-coding may enhance usability but does not impact security or compliance. Regular backups may be important for data preservation, but they do not prevent alterations. The option permitting deletion after one month contradicts the requirement of maintaining secure and reliable records for sufficient periods of time, as retaining audit trails is vital for audit readiness and forensic analysis in the event of security issues.