Reference: CMMC 2.0
Level Introduced: 2
Title: System Auditing
Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity.
You should ensure that the system creates and retains audit logs. The logs should contain enough information to identify and investigate unlawful or unauthorized system activity. You select the events that require auditing. Also, you determine the information to record in the audit logs about those events.
You set up audit logging capability for your organization. You determine that all systems that contain CUI must have extra detail in the audit logs. Because of this, you configure these systems to log the following information for all user actions:
• time stamps;
• source and destination addresses;
• user or process identifiers;
• event descriptions;
• success or fail indications; and