Level 5 CMMC - CMMC Practices

AU.3.048  

Reference: CMMC 1.02

Family: AU

Level Introduced: 3

Practice:
Collect audit information (e.g., logs) into one or more central repositories.

CMMC Clarification:
Aggregate and store audit logs in a centralized location or locations within the organization. Storing audit logs in a centralized location supports orchestration, automation, correlation, and analysis activities by enabling a full picture of the audit logs, and can support automated analysis capabilities including correlation of events across the enterprise. Ensure that the central repository has the appropriate infrastructure, including protection mechanisms, and the capacity level to meet the logging requirements of the organization.

Example:
You are in charge of IT operations in your organization. Your responsibilities include reviewing audit logs. You consolidate all audit logs in a common format and into a centralized logging infrastructure that may consist of one or more servers. By doing this, you enable centralized analysis of your audit logs. This increases situational awareness across your network. In addition, you are able to better protect your audit logs by storing them in one centralized location.

Aggregate and store audit logs in a central location. Central repositories enable analysis by storing audit record content needed for analysis in a common location and format. Storing audit logs in central repositories also protects audit information. The repository has the available infrastructure, capacity, and protection mechanisms to meet the organization's audit requirements. Policy and local laws may place requirements on the location and structure of the repositories.

Source: CMMC v1.02

AU-6 (4)

AUDIT REVIEW, ANALYSIS, AND REPORTING | CENTRAL REVIEW AND ANALYSIS

Description:
The information system provides the capability to centrally review and analyze audit records from multiple components within the system.

Supplemental Guidance:
Automated mechanisms for centralized reviews and analyses include, for example, Security Information Management products. Related controls: AU-2, AU-12.

Source: NIST Special Publication 800-53 Rev. 4
