CMMC Practice Requirement:

Alert in the event of an audit logging process failure.

CMMC Requirement Explanation:

Audit logging process failures generally occur when the storage capacity on a syslog server is full, which means that the server is no longer capturing logs sent by your other systems. Other examples include the syslog server itself going down due to software or hardware failures. Being alerted to failures on your syslog server enables you to quickly resolve issues without losing important event logs.

Example CMMC Implementation:

Configure your syslog server or SIEM to alert you when storage space is running low on your syslog server. Configure an alert to warn you if your syslog server is offline.
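One way to implement both alerts as a scheduled health check, shown here as an added example rather than anything prescribed by CMMC or a particular product. The log path, thresholds, host, and TCP port are assumed values to replace with your own.

```python
import shutil
import socket

# Assumed values for illustration; set them to match your environment.
LOG_PATH = "/var/log"        # volume where the syslog server stores received logs
WARN_PCT = 80.0              # warn while there is still time to archive old logs
CRIT_PCT = 90.0              # log loss is imminent
SYSLOG_HOST = "127.0.0.1"    # address of the syslog server
SYSLOG_PORT = 514            # assumes a TCP syslog listener


def storage_alert(used_bytes, total_bytes, warn_pct=WARN_PCT, crit_pct=CRIT_PCT):
    """Return None when healthy, otherwise a (severity, message) tuple."""
    if total_bytes <= 0:
        return ("critical", "log volume reports zero capacity")
    pct = 100.0 * used_bytes / total_bytes
    if pct >= crit_pct:
        return ("critical", f"log volume {pct:.1f}% full")
    if pct >= warn_pct:
        return ("warning", f"log volume {pct:.1f}% full")
    return None


def check_storage(path=LOG_PATH):
    """Alert on low space; an unreadable volume is itself a logging failure."""
    try:
        usage = shutil.disk_usage(path)
    except OSError as exc:
        return ("critical", f"cannot read log volume {path}: {exc}")
    return storage_alert(usage.used, usage.total)


def check_listener(host=SYSLOG_HOST, port=SYSLOG_PORT, timeout=3.0):
    """Alert when the syslog server does not accept a TCP connection."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return None
    except OSError as exc:
        return ("critical", f"syslog server {host}:{port} unreachable: {exc}")


if __name__ == "__main__":
    alerts = [a for a in (check_storage(), check_listener()) if a]
    for severity, message in alerts:
        print(f"[{severity.upper()}] {message}")
    # A non-zero exit status lets cron or a monitoring agent raise the alert.
    raise SystemExit(1 if alerts else 0)
```

Run the storage check on the syslog server itself and the listener check from a separate monitoring host, since a server that is down cannot report its own outage.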

Scenario(s):

- Scenario 1:

You use a syslog server to capture the logs from all of your servers, workstations, and firewall. You receive an alert that the syslog server's hard drive is nearing capacity. If it reaches full capacity, it will no longer capture new logs. To avoid this, you save the old logs on another hard drive to clear space on the server.
 
