CMMC v2.11 Practices

AU.L2-3.3.2  

Reference: CMMC v2.11

Family: AU

Level Introduced: 2

Title: User Accountability

Practice:
Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions.

Further Discussion:
Capturing the necessary information in audit logs ensures that you can trace actions to a specific user. This may include capturing user IDs, source and destination addresses, and time stamps. Logging from networks, servers, clients, and applications should be considered in ensuring accountability.

This requirement, AU.L2-3.3.2, which ensures logging and traceability of user actions, supports the control of non-privileged users required by AC.L2-3.1.7 as well as many other auditing, configuration management, incident response, and situation awareness requirements.

Example
You manage systems for a company that stores, processes, and transmits CUI. You want to ensure that you can trace all remote access sessions to a specific user. You configure the VPN device to capture the following information for all remote access connections: source and destination IP address, user ID, machine name, time stamp, and user actions during the remote session [b].

Potential Assessment Considerations
• Are users uniquely traced and held responsible for unauthorized actions [a]?
• Does the system protect against an individual denying having performed an action (non- repudiation) [b]?

This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.

This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.

Source: CMMC v2.11