NIST SP 800-171 & CMMC 2.0 3.3.3 Requirement:
Review and update logged events.
NIST SP 800-171 & CMMC 2.0 3.3.3 Requirement Explanation:
By maintaining a list of the security logs you want to collect, you can optimize your audit logging program: you save storage space and reduce log fatigue for the security personnel who review the logs. Update the list to reflect the threats and incidents your company actually encounters. Revisiting the list after a security incident is particularly valuable, since collecting additional logs may have helped identify the incident earlier.
Example NIST SP 800-171 & CMMC 2.0 3.3.3 Implementation:
Document the list of security related logs that your organization should capture. Examples include user logins, password changes, group membership changes, and account creations. What you collect may change for each system. For a VPN you may also want to collect information on the users who connect to your system. Periodically (e.g., annually) review this list to determine if you are collecting the correct logs to identify security incidents. You may also identify logs that you do not need to collect. You may decide to omit these to prioritize storage for more important logs. Our information security policy template includes events that should be collected.
NIST SP 800-171 & CMMC 2.0 3.3.3 Scenario(s):
- Scenario 1:
You found unauthorized software on a user's workstation. The user denies installing it. You review the system logs and can't find any events indicating who installed the software. To prevent this from recurring, you update the logs your workstations collect to include the Windows event IDs for software installation.
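The periodic review described in the implementation section and the update in Scenario 1, as an added example that is not part of the original page: a documented collection list is compared against events actually observed in a review window, reporting documented categories with no matching events (gaps) and collected event IDs that are not on the list (candidates to add or to drop). The Windows event ID mapping and the sample events are assumptions constructed for this example.

```python
from collections import Counter

# Documented list of security events to collect (the categories named in the
# implementation guidance). The Windows event ID mapping is an assumption for
# this example; confirm IDs against your own systems and audit policy.
COLLECTION_LIST = {
    "user logins": {4624, 4625},
    "password changes": {4723, 4724},
    "group membership changes": {4728, 4732, 4756},
    "account creations": {4720},
}

# Constructed sample of events observed on one workstation in the review window.
SAMPLE_EVENTS = [
    {"ts": "2024-03-01T08:02:11Z", "id": 4624, "user": "alice"},
    {"ts": "2024-03-01T08:05:40Z", "id": 4624, "user": "bob"},
    {"ts": "2024-03-02T09:15:02Z", "id": 4720, "user": "svc-backup"},
    {"ts": "2024-03-02T09:15:03Z", "id": 4732, "user": "svc-backup"},
    {"ts": "2024-03-03T10:00:00Z", "id": 5156, "user": "-"},  # Filtering Platform, noisy
    {"ts": "2024-03-03T10:00:01Z", "id": 5156, "user": "-"},
    {"ts": "2024-03-03T10:00:02Z", "id": 5156, "user": "-"},
    {"ts": "2024-03-04T11:30:00Z", "id": 4624, "user": "alice"},
]

def review_coverage(collection_list, events):
    """Compare the documented list with what was actually collected.

    Returns (uncovered, unlisted):
      uncovered - documented categories with no matching event in the window.
                  Either nothing happened or the log is not being collected;
                  check the audit policy before deciding which.
      unlisted  - event IDs seen but not on the list, with counts: candidates
                  to add to the list or to stop collecting to save storage.
    """
    seen = Counter(evt["id"] for evt in events)
    uncovered = [cat for cat, ids in collection_list.items() if not ids & set(seen)]
    listed = set().union(*collection_list.values())
    unlisted = {eid: n for eid, n in seen.items() if eid not in listed}
    return uncovered, unlisted

def with_category(collection_list, name, ids):
    """Return an updated list with a new category added, e.g. after an incident."""
    updated = dict(collection_list)
    updated[name] = set(ids)
    return updated

if __name__ == "__main__":
    print("review before incident:", review_coverage(COLLECTION_LIST, SAMPLE_EVENTS))
    # Scenario 1: software installation events were missing, so add them
    # (MsiInstaller IDs 1033/11707 in the Application log; assumed mapping).
    updated = with_category(COLLECTION_LIST, "software installation", {1033, 11707})
    print("review after update:", review_coverage(updated, SAMPLE_EVENTS))
```

Run against a real export (e.g. from a SIEM or Windows event log), an empty category over a whole review period is the signal to verify that the corresponding audit subcategory is actually enabled.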