CMMC Audit & Accountability Domain Explained

The audit & accountability domain has four capability requirements and a total of fourteen practices.

Audit - Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures.

Accountability - The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports nonrepudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action.

The goal of the audit and accountability domain is to record system and security logs on systems to support the monitoring, investigation, and reporting of system activity. It also seeks to ensure that system audit logs can be traced back to users so that they can be held accountable for their actions.

• C007: Define audit requirements
• C008: Perform auditing
• C009: Identify and protect audit information
• C010: Review and manage audit logs

Examples of audit and accountability requirements include: audit events, time stamps, nonrepudiation, protection of audit information, audit record retention, and session audit. These allow you to trace events back to a specific user, device, or process.