Reference: CMMC 2.11
Family: AU
Level Introduced: 2
Title: System Auditing
Practice:
Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity.
CMMC Clarification:
You should ensure that the system creates and retains audit logs. The logs should contain enough information to identify and investigate unlawful or unauthorized system activity. You select the events that require auditing. Also, you determine the information to record in the audit logs about those events.
Example
You set up audit logging capability for your organization. You determine that all systems that contain CUI must have extra detail in the audit logs. Because of this, you configure these systems to log the following information for all user actions:
• time stamps;
• source and destination addresses;
• user or process identifiers;
• event descriptions;
• success or fail indications; and
• filenames.
Implementation Strategies
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-171 Requirements (1)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-53 Controls (6)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.