Reference: CMMC 2.11
Family: AU
Level Introduced: 2
Title: User Accountability
Practice:
Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions.
CMMC Clarification:
You need to capture information in audit logs. This ensures that you can trace the actions you audit to a specific user. This may include capturing information from users, including:
• user IDs;
• source and destination addresses; and
• time stamps.
Such information helps track actions to an individual.
Example
You are the IT administrator for your organization. You want to ensure that you can trace all remote access sessions to a specific user. You configure the VPN device to capture the following information for all remote access connections:
• source and destination IP address;
• user ID;
• machine name;
• time stamp; and
• user actions during the remote session.
This lets you trace these actions to a specific user.
Implementation Strategies
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-171 Requirements (1)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-53 Controls (6)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.