CMMC Practice AU.5.055

Identify assets not reporting audit logs and assure appropriate organizationally defined systems are logging.


CMMC Version 1.02, pg. 101

Discussion From Source

CMMC Practice AU.2.042 required the creation and retention of audit logs. Audit logs are essential to cybersecurity awareness and incident response. This practice requires organizations to proactively determine if any assets that should be creating audit logs are not generating the required logs.