CMMC Practice AU.3.045
Review and update logged events.
Bold Coast Security Guidance
This is an extension of AU.2.041 and arguably a part of ensuring that practice's effectiveness. The end result is your organization must periodically review your audit plan and ensure that the items you wish to log are still being logged, that new audit options are reviewed for applicability in your organization, or if options previously ignored should now be put into practice. Set up an schedule to do this on a regular basis, assign it to someone, and track its completion.
DRAFT NIST SP 800-171 R2
Periodically re -evaluate which events are logged and which events should be added, modified, or deleted. The event types that are logged by organizations may change over time. Reviewing and updating the set of logged event types periodically is necessary to ensure that the current set remains necessary and sufficient.