CMMC Practice Requirement:

Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity.

CMMC Requirement Explanation:

If a security incident occurs on your systems you will need to investigate it. To effectively investigate you will need to review audit logs. This can only be done if your systems are configured to keep important system and security logs. If you are unsure of what to capture you can use DISA STIGs as guidance.

Example CMMC Implementation:

Configure your systems need to keep audit logs especially security logs. You can use DISA STIGs to help determine which additional events to log. For example, the STIG for Windows 10 lists many audit log settings that you can implement on Windows 10.


- Scenario 1:

Alice, a system administrator wants to capture important logs on her company's Windows 10 workstations. She is doing this so that in the event of a security incident she can conduct an investigation. She decides to implement the audit log settings recommended in DISA's Windows 10 security technical implementation guide (STIG).

Discover Our NIST SP 800-171 Solutions:


Compliance Accelerator

For contractors seeking compliance

Quantum Assessor

For IT service providers

Supply Chain Verifier

For contractors seeking to verify partner compliance