NIST SP 800-171 & CMMC 2.0 - 3.3.2
Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions.
NIST SP 800-171 & CMMC 2.0 - 3.3.1
Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity.
NIST SP 800-171 & CMMC 2.0 - 3.3.7
Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records.
NIST SP 800-171 & CMMC 2.0 - 3.3.3
Review and update logged events.
NIST SP 800-171 & CMMC 2.0 - 3.3.4
Alert in the event of an audit logging process failure.
NIST SP 800-171 & CMMC 2.0 - 3.3.8
Protect audit information and audit logging tools from unauthorized access, modification, and deletion.
NIST SP 800-171 & CMMC 2.0 - 3.3.9
Limit management of audit logging functionality to a subset of privileged users.
NIST SP 800-171 & CMMC 2.0 - 3.3.5
Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity.
NIST SP 800-171 & CMMC 2.0 - 3.3.6
Provide audit record reduction and report generation to support on-demand analysis and reporting.