CMMC 1.0 Practice - AU.2.041

Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions.

CMMC 1.0 Practice - AU.2.042

Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity.

CMMC 1.0 Practice - AU.2.043

Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records.

CMMC 1.0 Practice - AU.2.044

Review audit logs.

CMMC 1.0 Practice - AU.3.045

Review and update logged events.

CMMC 1.0 Practice - AU.3.046

Alert in the event of an audit logging process failure.

CMMC 1.0 Practice - AU.3.048

Collect audit logs into one or more central repositories.

CMMC 1.0 Practice - AU.3.049

Protect audit information and audit logging tools from unauthorized access, modification, and deletion.

CMMC 1.0 Practice - AU.3.050

Limit management of audit logging functionality to a subset of privileged users.

CMMC 1.0 Practice - AU.3.051

Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity.

CMMC 1.0 Practice - AU.3.052

Provide audit record reduction and report generation to support on-demand analysis and reporting.