CMMC Practice AU.3.045

Review and update logged events.


CMMC Version 1.02, pg. 91

Bold Coast Security Guidance

This is an extension of AU.2.041 and arguably a part of ensuring that practice's effectiveness. The end result is your organization must periodically review your audit plan and ensure that the items you wish to log are still being logged, that new audit options are reviewed for applicability in your organization, or if options previously ignored should now be put into practice. Set up an schedule to do this on a regular basis, assign it to someone, and track its completion.

Discussion From Source

DRAFT NIST SP 800-171 R2 Periodically re -evaluate which events are logged and which events should be added, modified, or deleted. The event types that are logged by organizations may change over time. Reviewing and updating the set of logged event types periodically is necessary to ensure that the current set remains necessary and sufficient.