The audit & accountability domain has four capability requirements and a total of fourteen practices.
What does Audit & Accountability Mean?
Audit - Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures.
Accountability - The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports nonrepudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action.
Audit and Accountability Domain Explained
The goal of the audit and accountability domain is to record system and security logs on systems to support the monitoring, investigation, and reporting of system activity. It also seeks to ensure that system audit logs can be traced back to users so that they can be held accountable for their actions.
What are the CMMC Access Control Domain Capabilities?
C007: Define audit requirements
C008: Perform auditing
C009: Identify and protect audit information
C010: Review and manage audit logs
Examples of Audit and Accountability
Examples of audit and accountability requirements include: audit events, time stamps, nonrepudiation, protection of audit information, audit record retention, and session audit. These allow you to trace events back to a specific user, device, or process.
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
NIST SP 800-171 & CMMC Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.