NIST SP 800-171 & CMMC 2.0 3.3.1 Requirement:
Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity.
NIST SP 800-171 & CMMC 2.0 3.3.1 Requirement Explanation:
If a security incident occurs on your systems you will need to investigate it. To effectively investigate a potential incident you will need to review audit logs. This can only be done if your systems are configured to keep important system and security logs. If you are unsure of what to capture you can use DISA STIGs as guidance.
Example NIST SP 800-171 & CMMC 2.0 3.3.1 Implementation:
You must ensure that all systems that store, process, or transmit CUI create and retain audit logs. The collected logs must contain enough information to identify and investigate potentially unauthorized activity. You must define the audit logs that your systems will collect. You must define an audit log retention period. You can use our information security policy template to meet this requirement. If you configure your systems in accordance with DISA security technical implementation guides then they will be set up to collect audit logs. For example, the STIG for Windows 10 lists many audit log settings that you can implement on Windows 10.
NIST SP 800-171 & CMMC 2.0 3.3.1 Scenario(s):
- Scenario 1:
Alice, a system administrator wants to capture important logs on her company's Windows 10 workstations. She is doing this so that in the event of a security incident she can conduct an investigation. She decides to implement the audit log settings recommended in DISA's Windows 10 security technical implementation guide (STIG).
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
NIST SP 800-171 & CMMC Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.