NIST SP 800-171 & CMMC 2.0 Control 3.3.1 Requirement:
Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity.
NIST SP 800-171 & CMMC 2.0 3.3.1 Requirement Explanation:
If a security incident occurs on your systems, you will need to investigate it. To investigate a potential incident effectively, you will need to review audit logs. This is only possible if your systems are configured to keep important system and security logs. If you are unsure of what to capture, you can use DISA STIGs as guidance.
Example NIST SP 800-171 & CMMC 2.0 3.3.1 Implementation:
You must ensure that all systems that store, process, or transmit CUI create and retain audit logs. The collected logs must contain enough information to identify and investigate potentially unauthorized activity. You must define the audit logs that your systems will collect. You must define an audit log retention period. You can use our information security policy template to meet this requirement. If you configure your systems in accordance with DISA security technical implementation guides (STIGs), they will be set up to collect audit logs. For example, the STIG for Windows 10 lists many audit log settings that you can implement on Windows 10.
NIST SP 800-171 & CMMC 2.0 3.3.1 Scenario(s):
- Scenario 1:
Alice, a system administrator, wants to capture important logs on her company's Windows 10 workstations. She is doing this so that, in the event of a security incident, she can conduct an investigation. She decides to implement the audit log settings recommended in DISA's Windows 10 security technical implementation guide (STIG).
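One way Alice could confirm that a workstation matches the audit logs her organization has defined is to compare the output of `auditpol` against a written baseline. This is an added example, not part of the original page or of any DISA tooling; the baseline entries, machine name, and GUIDs are constructed placeholders, and `Test-AuditBaseline` is a hypothetical helper name.

```powershell
# Added example. The baseline is a constructed placeholder, not the STIG's list:
# replace it with the subcategories and settings your organization defines.
$Baseline = @{
    'Logon'                   = 'Success and Failure'
    'Credential Validation'   = 'Success and Failure'
    'User Account Management' = 'Success and Failure'
    'Audit Policy Change'     = 'Success'
}

# Constructed sample in the CSV layout of `auditpol /get /category:* /r`
# (machine name and GUIDs are placeholders).
$SampleCsv = @'
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
WS-EXAMPLE,System,Logon,{00000000-0000-0000-0000-000000000001},Success and Failure,
WS-EXAMPLE,System,Credential Validation,{00000000-0000-0000-0000-000000000002},Failure,
WS-EXAMPLE,System,Audit Policy Change,{00000000-0000-0000-0000-000000000003},Success and Failure,
'@

function Test-AuditBaseline {
    param(
        [Parameter(Mandatory)] [object[]]  $Policy,
        [Parameter(Mandatory)] [hashtable] $Baseline
    )
    foreach ($name in ($Baseline.Keys | Sort-Object)) {
        $row      = $Policy | Where-Object { $_.Subcategory -eq $name } | Select-Object -First 1
        $actual   = if ($row) { $row.'Inclusion Setting' } else { 'Not reported' }
        $required = $Baseline[$name]
        # 'Success and Failure' also satisfies a Success-only or Failure-only requirement.
        $ok = ($actual -eq $required) -or ($actual -eq 'Success and Failure')
        [pscustomobject]@{
            Subcategory = $name; Required = $required; Actual = $actual; Compliant = $ok
        }
    }
}

# On a real workstation (elevated prompt), read the live policy instead:
#   $policy = auditpol /get /category:* /r | Where-Object { $_ } | ConvertFrom-Csv
$policy = ($SampleCsv -split '\r?\n') | ConvertFrom-Csv

$report = @(Test-AuditBaseline -Policy $policy -Baseline $Baseline)
$report | Format-Table -AutoSize
$gaps = @($report | Where-Object { -not $_.Compliant })
"{0} of {1} baseline subcategories need attention" -f $gaps.Count, $report.Count
```

Subcategory names in `auditpol` output are localized, so the baseline keys must match the display language of the workstation being checked.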