NIST SP 800-171 & CMMC 2.0 Control 3.3.8 Requirement:
Protect audit information and audit logging tools from unauthorized access, modification, and deletion.
NIST SP 800-171 & CMMC 2.0 3.3.8 Requirement Explanation:
Audit logs must be secured so that the information may not be modified or deleted, either intentionally or unintentionally. Only those with a need-to-know should have access to audit information. This includes access to audit tools such as a SIEM or syslog server.
Example NIST SP 800-171 & CMMC 2.0 3.3.8 Implementation:
Forward the audit logs on your systems to your syslog server. Prevent users from deleting audit logs from their systems by revoking their local admin rights. Only allow authorized persons to access your syslog server and SIEM. Create backups of your syslog server.
NIST SP 800-171 & CMMC 2.0 3.3.8 Scenario(s):
- Scenario 1:
To protect audit information you prevent users from modifying audit logs on their system by revoking their admin privileges. You send logs to your syslog server as they are created. You only allow personnel with auditing responsibilities to access the syslog server. When system admins need to conduct maintenance they are supervised. You create backups of your syslog server to ensure the availability of audit logs.
Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:
Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.
Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.
Supply Chain Verifier
Trust is everything. Verify, monitor, and support subcontactor compliance.