CMMC 2.0 • LEVEL 2 • AUDIT & ACCOUNTABILITY

AU.L2-3.3.1Event Logging

Specify the following event types selected for logging within the system: account logon/logoff, account management, object access to CUI, policy changes, privilege use, process tracking, system events, failed access attempts, and use of privileged functionsCMMC/STIG. Review and update the event types selected for logging date/time, event type, user/process identity, source (IP or device), outcome (success/failure), and affected objectCMMC/STIG.

NIST 800-171 Mapping

NIST 800-53 Controls

AU-2AU-3AU-3(1)AU-12

Assessment Objectives

  • the following event types are specified for logging within the system: account logon/logoff, account management, object access to CUI, policy changes, privilege use, process tracking, system events, failed access attempts, and use of privileged functionsCMMC/STIG.
  • the event types selected for logging are reviewed date/time, event type, user/process identity, source (IP or device), outcome (success/failure), and affected objectCMMC/STIG.
  • the event types selected for logging are updated date/time, event type, user/process identity, source (IP or device), outcome (success/failure), and affected objectCMMC/STIG.

Practitioner Notes

Practitioner commentary coming soon.

Related CMMC 2.0 Practices

AU.L2-3.3.2 Audit Record Content AU.L2-3.3.3 Audit Record Generation AU.L2-3.3.4 Response to Audit Logging Process Failures AU.L1-3.3.5 Audit Record Review, Analysis, and Reporting