CMMC Domain AU Audit and Accountability

Practices and capabilities that relate to creating, storing, and reviewing audit trails of user and system activity.

AU.3.049
Protect audit information and audit logging tools from unauthorized access, modification, and deletion.
AU.4.054
Review audit information for broad activity in addition to per-machine activity.
AU.5.055
Identify assets not reporting audit logs and assure appropriate organizationally defined systems are logging.
AU.4.053
Automate analysis of audit logs to identify and act on critical indicators (TTPs) and/or organizationally defined suspicious activity.
AU.2.042
Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity.
AU.2.041
Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions.
AU.3.046
Alert in the event of an audit logging process failure.
AU.3.050
Limit management of audit logging functionality to a subset of privileged users.
AU.3.048
Collect audit information (e.g., logs) into one or more central repositories.
AU.3.045
Review and update logged events.
AU.3.051
Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity.
AU.3.052
Provide audit record reduction and report generation to support on-demand analysis and reporting.
AU.2.043
Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records.
AU.2.044
Review audit logs.