CMMC Practice Requirement:
Collect audit logs into one or more central repositories.
CMMC Requirement Explanation:
By collecting logs from your systems into a central repository (e.g., a syslog server), you can set up a security information and event management (SIEM) system. With a SIEM you can better analyze the logs from your systems to identify security incidents.
Example CMMC Implementation:
Set up a syslog server and direct the logs collected by your systems to it. You can do this by installing event log forwarders on your systems or by using existing settings to forward your logs.
- Scenario 1:
To collect logs into a central repository, your company has set up a syslog server. You forward logs from your Active Directory server, network devices, and other servers to it.
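An added example (not part of the original page): a coverage check run against the central repository's log file to confirm that every system expected to forward logs is actually arriving. The hostnames, the inventory set, the sample log lines, and the 24-hour silence threshold are assumptions made for illustration.

```python
from datetime import datetime, timedelta
import re

# Constructed sample of the central repository's log file (traditional
# "timestamp host tag: message" syslog lines). Hostnames are hypothetical.
SAMPLE_LOG = """\
Mar  4 09:58:12 dc01 Security-Auditing[612]: An account was successfully logged on
Mar  4 09:59:40 fw-edge kernel: DROP IN=eth0 SRC=203.0.113.7 DPT=23
Mar  4 10:01:05 dc01 Security-Auditing[612]: A logon was attempted using explicit credentials
Mar  3 02:14:33 filesrv01 sshd[2211]: Accepted publickey for backup from 10.0.0.5
this line is malformed and must be skipped
"""

# Assumed inventory of systems that should be forwarding to the repository.
EXPECTED_SOURCES = {"dc01", "fw-edge", "filesrv01", "sw-core"}

LINE_RE = re.compile(r"^([A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) ")

def last_seen(log_text, year):
    """Return {host: newest timestamp} for every parsable line."""
    seen = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected layout
        # These timestamps carry no year, so the caller supplies it
        # (logs spanning a New Year boundary need extra handling).
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        host = m.group(2).lower()
        if host not in seen or ts > seen[host]:
            seen[host] = ts
    return seen

def coverage_gaps(log_text, expected, now, max_silence=timedelta(hours=24)):
    """Report expected sources that never logged or have gone silent."""
    seen = last_seen(log_text, now.year)
    return {
        "missing": sorted(h for h in expected if h not in seen),
        "stale": sorted(h for h in expected
                        if h in seen and now - seen[h] > max_silence),
        "unexpected": sorted(h for h in seen if h not in expected),
    }

if __name__ == "__main__":
    report = coverage_gaps(SAMPLE_LOG, EXPECTED_SOURCES, datetime(2024, 3, 4, 10, 5))
    for kind, hosts in report.items():
        print(f"{kind}: {', '.join(hosts) or 'none'}")
```

A source listed as missing or stale usually points to a forwarder that was never configured or has stopped; an unexpected source is a system sending logs that is not in the inventory.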