CMMC Practice AU.L2-3.3.4

Alert in the event of an audit logging process failure.

Bold Coast Security Guidance

This practice requires the implementation of a system which is automatically reviewing system logs and sending notifications. That security information and event management system, or SIEM, will do a lot more for your organization, too. Notice that this practice also requires a system to monitor hardware and network connectivity. This is an fairly routine system to alert staff to operational issues, but now also provides a way to know if your SIEM itself is malfunctioning.

Discussion From Source

DRAFT NIST SP 800-171 R2 Audit logging process failures include software and hardware errors, failures in the audit record capturing mechanisms, and audit record storage capacity being reached or exceeded. This requirement applies to each audit record data storage repository (i.e., distinct system component where audit records are stored), the total audit record storage capacity of organizations (i.e., all audit record data storage repositories combined), or both.