CMMC 1.0 Practice AU.3.046 Requirement:
Alert in the event of an audit logging process failure.
CMMC 1.0 AU.3.046 Requirement Explanation:
Audit logging process failures generally occur when the storage capacity on a syslog server is full. This means that it is no longer capturing logs sent by your other systems. Other examples include the syslog server itself going down due to software or hardware failures. Being alerted to failures on your syslog server enables you to resolve issues quickly without losing important event logs.
Example CMMC 1.0 AU.3.046 Implementation:
Configure your syslog server or SIEM to alert you when storage space is running low on your syslog server. Configure an alert to warn you if your syslog server is offline.
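One way to implement both alerts as a scheduled health check, shown as an added example rather than anything taken from the CMMC text or a specific product. The log directory, thresholds, and TCP port 514 are assumed values, and the "no recent log" check is an extra signal that catches a collector that is running but has stopped writing.

```python
import os
import shutil
import socket
import time

# Assumed values for illustration; none of them come from the page.
LOG_DIR = "/var/log/remote"   # hypothetical directory the collector writes to
MAX_USED_PCT = 85.0           # warn before the volume is actually full
MAX_SILENCE_S = 900           # newest log older than this means collection stalled

def used_pct(path):
    """Percentage of the volume holding `path` that is in use."""
    u = shutil.disk_usage(path)
    return 100.0 * u.used / u.total

def newest_log_age(log_dir, now=None):
    """Seconds since any file under log_dir was written; None if there are no files."""
    now = time.time() if now is None else now
    mtimes = [os.path.getmtime(os.path.join(root, name))
              for root, _, files in os.walk(log_dir) for name in files]
    return (now - max(mtimes)) if mtimes else None

def listener_up(host, port, timeout=3.0):
    """True if a TCP syslog listener accepts connections (UDP-only setups need another probe)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def evaluate(pct, age_s, up, max_pct=MAX_USED_PCT, max_silence=MAX_SILENCE_S):
    """Turn the three measurements into alert strings; an empty list means healthy."""
    alerts = []
    if pct >= max_pct:
        alerts.append(f"log volume {pct:.0f}% full (threshold {max_pct:.0f}%)")
    if age_s is None:
        alerts.append("no log files found: nothing collected yet or wrong path")
    elif age_s > max_silence:
        alerts.append(f"no log written for {age_s:.0f}s (limit {max_silence}s)")
    if not up:
        alerts.append("syslog listener not accepting connections")
    return alerts

if __name__ == "__main__":
    found = evaluate(used_pct(LOG_DIR), newest_log_age(LOG_DIR), listener_up("127.0.0.1", 514))
    for alert in found:
        print("ALERT:", alert)  # hand off to e-mail, pager, or SIEM here
    raise SystemExit(1 if found else 0)
```

Run the listener probe from a host other than the syslog server, since a server that is down cannot report its own outage.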
CMMC 1.0 AU.3.046 Scenario(s):
- Scenario 1:
You use a syslog server to capture the logs from all of your servers, workstations, and firewall. You receive an alert that the syslog server's hard drive is nearing capacity. If it reaches full capacity, it will no longer capture new logs. To avoid this, you save the old logs on another hard drive to clear space on the server.