CMMC Practice Requirement:
Protect audit information and audit logging tools from unauthorized access, modification, and deletion.
CMMC Requirement Explanation:
Audit logs are critical for identifying security incidents and policy violations hence the need to protect them. Protection entails protecting their confidentiality (encrypted storage), integrity (preventing users from modifying them), and availability (backing up your syslog server).
Example CMMC Implementation:
Forward the audit logs on your systems to your syslog server. Prevent users from deleting audit logs from their systems by revoking their local admin rights. Only allow authorized persons access to your syslog server and SIEM. Create backups of your syslog server.
- Scenario 1:
To protect audit information you prevent users from modifying audit logs on their system by revoking their admin privileges. You send logs to your syslog server as they are created. You only allow personnel with auditing responsibilities to access the syslog server. When system admins need to conduct maintenance they are supervised. You create backups of your syslog server to ensure the availability of audit logs.
Discover Our NIST SP 800-171 Solutions:
For contractors seeking compliance
For IT service providers
Supply Chain Verifier
For contractors seeking to verify partner compliance