CMMC Practice AU.3.052

Provide audit record reduction and report generation to support on-demand analysis and reporting.

Source

CMMC Version 1.02, pg. 97

Bold Coast Security Guidance

This is another practice supporting the implementation of SIEM in your organization. Your SIEM will be able to distill your audit logs down to meaningful reports, or support statistical data which allows you to identify outliers of activity. Some systems will also filter out "normal" activity in order to allow you to focus on the unknown activity happening on your network. This can be a time consuming processes, so any systems with some built in AI or rules for known traffic can be very beneficial.

Discussion From Source

DRAFT NIST SP 800-171 R2 Audit record reduction is a process that manipulates collected audit information and organizes such information in a summary format that is more meaningful to analysts. Audit record reduction and report generation capabilities do not always emanate from the same system or organizational entities conducting auditing activities. Audit record reduction capability can include, for example, modern data mining techniques with advanced data filters to identify anomalous behavior in audit records. The report generation capability provided by the system can help generate customizable reports. Time ordering of audit records can be a significant issue if the granularity of the time stamp in the record is insufficient.

References