Audit and Accountability - Level 3
CMMC AU.3.052 - Implement Audit Record Reduction
Requirement text: AU.3.052: Provide audit record reduction and report generation to support on- demand analysis and reporting. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 Audit record reduction is a process that manipulates collected audit ...
CMMC AU.3.051 - Correlate Audit Records
Requirement text: AU.3.051: Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 ...
CMMC AU.3.050 - Limit Access to Log Management
Requirement text: AU.3.050: Limit management of audit logging functionality to a subset of privileged users. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 Individuals with privileged access to a system and who are also the subject of an audit by ...
CMMC AU.3.049 - Protect Audit Information and Tools
Requirement text: AU.3.049: Protect audit information and audit logging tools from unauthorized access, modification, and deletion. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 Audit information includes all information (e.g., audit records, ...
CMMC AU.3.048 - Centralize Audit Information
Requirement text: AU.3.048: Collect audit information (e.g., logs) into one or more central repositories. DISCUSSION FROM SOURCE: CMMC Aggregate and store audit logs in a central location. Central repositories enable analysis by storing audit record ...
CMMC AU.3.046 - Alert Logging Failures
Requirement text: AU.3.046: Alert in the event of an audit logging process failure. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 Audit logging process failures include software and hardware errors, failures in the audit record capturing ...
CMMC AU.3.045 - Review Logged Events
Requirement text: AU.3.045: Review and update logged events. DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 Periodically re-evaluate which events are logged and which events should be added, modified, or deleted. The event types that are logged by ...