NIST SP 800-171 & CMMC 2.0 Control 3.3.3 Requirement:

Review and update logged events.

NIST SP 800-171 & CMMC 2.0 3.3.3 Requirement Explanation:

By maintaining a list of security logs you want to collect you can optimize your audit logging program. You save storage space and can reduce log fatigue for security personnel who need to review the logs. You should update your list to reflect the threats and incidents you encounter in your company. Updating your list of collected logs is a good idea after a security incident as collecting more logs may have helped identify the incident earlier.

Example NIST SP 800-171 & CMMC 2.0 3.3.3 Implementation:

Document the list of security related logs that your organization should capture. Examples include user logins, password changes, group membership changes, and account creations. What you collect may change for each system. For a VPN you may also want to collect information on the users who connect to your system. Periodically (e.g., annually) review this list to determine if you are collecting the correct logs to identify security incidents. You may also identify logs that you do not need to collect. You may decide to omit these to prioritize storage for more important logs. Our information security policy template includes events that should be collected.

NIST SP 800-171 & CMMC 2.0 3.3.3 Scenario(s):

- Scenario 1:

You found unauthorized software on a user's workstation. The user has denied installing. You review the system logs and can't find any logs indicating who installed the software. To prevent this from occurring in the future you update the logs your workstations collect to include Windows event IDs for software installation.

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.