AU — Audit and Accountability

Stokes Frederick Co

SPRS Score: -131

Objective Progress 0 / 29 (0.0%)
CMMC Practices MET 0 / 9
Domain Score Impact -19

CMMC scoring changes when all assessment objectives for a practice are MET; objective progress updates as each objective is assessed.

AU.L2-3.3.1 DoD Weight: 5 Deduction: -5 Basic
Not Yet Assessed
Requirement: Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity.
MET gate: This control cannot be marked MET until every child objective is MET. Blocking objective statuses: 3.3.1[a] = Not Yet Assessed; 3.3.1[b] = Not Yet Assessed; 3.3.1[c] = Not Yet Assessed; 3.3.1[d] = Not Yet Assessed; 3.3.1[e] = Not Yet Assessed; 3.3.1[f] = Not Yet Assessed

Assessment Objectives (6)

  • 3.3.1[a]
    Determine if: audit logs needed (i.e., event types to be logged) to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity are specified.
    Not Yet Assessed
  • 3.3.1[b]
    Determine if: the content of audit records needed to support monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity is defined.
    Not Yet Assessed
  • 3.3.1[c]
    Determine if: audit records are created (generated).
    Not Yet Assessed
  • 3.3.1[d]
    Determine if: audit records, once created, contain the defined content.
    Not Yet Assessed
  • 3.3.1[e]
    Determine if: retention requirements for audit records are defined.
    Not Yet Assessed
  • 3.3.1[f]
    Determine if: audit records are retained as defined.
    Not Yet Assessed
📝 Assessment Methods (Examine / Interview / Test)
Examine: [SELECT FROM: Audit and accountability policy; procedures addressing auditable events; security plan; system design documentation; system configuration settings and associated documentation; system audit logs and records; system auditable events; system incident reports; other relevant documents or records].
Interview: [SELECT FROM: Personnel with audit and accountability responsibilities; personnel with information security responsibilities; system or network administrators].
Test: [SELECT FROM: Mechanisms implementing system audit logging].

AU.L2-3.3.2 DoD Weight: 3 Deduction: -3 Basic
Not Yet Assessed
Requirement: Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions.
MET gate: This control cannot be marked MET until every child objective is MET. Blocking objective statuses: 3.3.2[a] = Not Yet Assessed; 3.3.2[b] = Not Yet Assessed

Assessment Objectives (2)

  • 3.3.2[a]
    Determine if: the content of the audit records needed to support the ability to uniquely trace users to their actions is defined.
    Not Yet Assessed
  • 3.3.2[b]
    Determine if: audit records, once created, contain the defined content.
    Not Yet Assessed
📝 Assessment Methods (Examine / Interview / Test)
Examine: [SELECT FROM: Audit and accountability policy; procedures addressing audit records and event types; security plan; system design documentation; system configuration settings and associated documentation; system audit logs and records; system events; system incident reports; other relevant documents or records].
Interview: [SELECT FROM: Personnel with audit and accountability responsibilities; personnel with information security responsibilities; system or network administrators].
Test: [SELECT FROM: Mechanisms implementing system audit logging].

AU.L2-3.3.3 DoD Weight: 1 Deduction: -1 Basic
Not Yet Assessed
Requirement: Review and update logged events.
MET gate: This control cannot be marked MET until every child objective is MET. Blocking objective statuses: 3.3.3[a] = Not Yet Assessed; 3.3.3[b] = Not Yet Assessed; 3.3.3[c] = Not Yet Assessed

Assessment Objectives (3)

  • 3.3.3[a]
    Determine if: a process for determining when to review logged events is defined.
    Not Yet Assessed
  • 3.3.3[b]
    Determine if: event types being logged are reviewed in accordance with the defined review process.
    Not Yet Assessed
  • 3.3.3[c]
    Determine if: event types being logged are updated based on the review.
    Not Yet Assessed
📝 Assessment Methods (Examine / Interview / Test)
Examine: [SELECT FROM: Audit and accountability policy; procedures addressing audit records and event types; security plan; list of organization-defined event types to be logged; reviewed and updated records of logged event types; system audit logs and records; system incident reports; other relevant documents or records].
Interview: [SELECT FROM: Personnel with audit and accountability responsibilities; personnel with information security responsibilities].
Test: [SELECT FROM: Mechanisms supporting review and update of logged event types].

AU.L2-3.3.4 DoD Weight: 1 Deduction: -1 Basic
Not Yet Assessed
Requirement: Alert in the event of an audit logging process failure.
MET gate: This control cannot be marked MET until every child objective is MET. Blocking objective statuses: 3.3.4[a] = Not Yet Assessed; 3.3.4[b] = Not Yet Assessed; 3.3.4[c] = Not Yet Assessed

Assessment Objectives (3)

  • 3.3.4[a]
    Determine if: personnel or roles to be alerted in the event of an audit logging process failure are identified.
    Not Yet Assessed
  • 3.3.4[b]
    Determine if: types of audit logging process failures for which alert will be generated are defined.
    Not Yet Assessed
  • 3.3.4[c]
    Determine if: identified personnel or roles are alerted in the event of an audit logging process failure.
    Not Yet Assessed
📝 Assessment Methods (Examine / Interview / Test)
Examine: [SELECT FROM: Audit and accountability policy; procedures addressing response to audit logging processing failures; system design documentation; security plan; system configuration settings and associated documentation; list of personnel to be notified in case of an audit logging processing failure; system incident reports; system audit logs and records; other relevant documents or records].
Interview: [SELECT FROM: Personnel with audit and accountability responsibilities; personnel with information security responsibilities; system or network administrators; system developers].
Test: [SELECT FROM: Mechanisms implementing system response to audit logging processing failures].

AU.L2-3.3.5 DoD Weight: 5 Deduction: -5 Basic
Not Yet Assessed
Requirement: Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity.
MET gate: This control cannot be marked MET until every child objective is MET. Blocking objective statuses: 3.3.5[a] = Not Yet Assessed; 3.3.5[b] = Not Yet Assessed

Assessment Objectives (2)

  • 3.3.5[a]
    Determine if: audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity are defined.
    Not Yet Assessed
  • 3.3.5[b]
    Determine if: defined audit record review, analysis, and reporting processes are correlated.
    Not Yet Assessed
📝 Assessment Methods (Examine / Interview / Test)
Examine: [SELECT FROM: Audit and accountability policy; procedures addressing audit record review, analysis, and reporting; security plan; system design documentation; system configuration settings and associated documentation; system audit logs and records across different repositories; other relevant documents or records].
Interview: [SELECT FROM: Personnel with audit record review, analysis, and reporting responsibilities; personnel with information security responsibilities].
Test: [SELECT FROM: Mechanisms supporting analysis and correlation of audit records].

AU.L2-3.3.6 DoD Weight: 1 Deduction: -1 Basic
Not Yet Assessed
Requirement: Provide audit record reduction and report generation to support on-demand analysis and reporting.
MET gate: This control cannot be marked MET until every child objective is MET. Blocking objective statuses: 3.3.6[a] = Not Yet Assessed; 3.3.6[b] = Not Yet Assessed

Assessment Objectives (2)

  • 3.3.6[a]
    Determine if: an audit record reduction capability that supports on-demand analysis is provided.
    Not Yet Assessed
  • 3.3.6[b]
    Determine if: a report generation capability that supports on-demand reporting is provided.
    Not Yet Assessed
📝 Assessment Methods (Examine / Interview / Test)
Examine: [SELECT FROM: Audit and accountability policy; procedures addressing audit record reduction and report generation; system design documentation; security plan; system configuration settings and associated documentation; audit record reduction, review, analysis, and reporting tools; system audit logs and records; other relevant documents or records].
Interview: [SELECT FROM: Personnel with audit record reduction and report generation responsibilities; personnel with information security responsibilities].
Test: [SELECT FROM: Audit record reduction and report generation capability].

AU.L2-3.3.7 DoD Weight: 1 Deduction: -1 Basic
Not Yet Assessed
Requirement: Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records.
MET gate: This control cannot be marked MET until every child objective is MET. Blocking objective statuses: 3.3.7[a] = Not Yet Assessed; 3.3.7[b] = Not Yet Assessed; 3.3.7[c] = Not Yet Assessed

Assessment Objectives (3)

  • 3.3.7[a]
    Determine if: internal system clocks are used to generate time stamps for audit records.
    Not Yet Assessed
  • 3.3.7[b]
    Determine if: an authoritative source with which to compare and synchronize internal system clocks is specified.
    Not Yet Assessed
  • 3.3.7[c]
    Determine if: internal system clocks used to generate time stamps for audit records are compared to and synchronized with the specified authoritative time source.
    Not Yet Assessed
📝 Assessment Methods (Examine / Interview / Test)
Examine: [SELECT FROM: Audit and accountability policy; procedures addressing time stamp generation; system design documentation; security plan; system configuration settings and associated documentation; system audit logs and records; other relevant documents or records].
Interview: [SELECT FROM: Personnel with information security responsibilities; system or network administrators; system developers].
Test: [SELECT FROM: Mechanisms implementing time stamp generation].

AU.L2-3.3.8 DoD Weight: 1 Deduction: -1 Basic
Not Yet Assessed
Requirement: Protect audit information and audit logging tools from unauthorized access, modification, and deletion.
MET gate: This control cannot be marked MET until every child objective is MET. Blocking objective statuses: 3.3.8[a] = Not Yet Assessed; 3.3.8[b] = Not Yet Assessed; 3.3.8[c] = Not Yet Assessed; 3.3.8[d] = Not Yet Assessed; 3.3.8[e] = Not Yet Assessed; 3.3.8[f] = Not Yet Assessed

Assessment Objectives (6)

  • 3.3.8[a]
    Determine if: audit information is protected from unauthorized access.
    Not Yet Assessed
  • 3.3.8[b]
    Determine if: audit information is protected from unauthorized modification.
    Not Yet Assessed
  • 3.3.8[c]
    Determine if: audit information is protected from unauthorized deletion.
    Not Yet Assessed
  • 3.3.8[d]
    Determine if: audit logging tools are protected from unauthorized access.
    Not Yet Assessed
  • 3.3.8[e]
    Determine if: audit logging tools are protected from unauthorized modification.
    Not Yet Assessed
  • 3.3.8[f]
    Determine if: audit logging tools are protected from unauthorized deletion.
    Not Yet Assessed
📝 Assessment Methods (Examine / Interview / Test)
Examine: [SELECT FROM: Audit and accountability policy; access control policy and procedures; procedures addressing protection of audit information; security plan; system design documentation; system configuration settings and associated documentation; system audit logs and records; audit logging tools; other relevant documents or records].
Interview: [SELECT FROM: Personnel with audit and accountability responsibilities; personnel with information security responsibilities; system or network administrators; system developers].
Test: [SELECT FROM: Mechanisms implementing audit information protection].

AU.L2-3.3.9 DoD Weight: 1 Deduction: -1 Basic
Not Yet Assessed
Requirement: Limit management of audit logging functionality to a subset of privileged users.
MET gate: This control cannot be marked MET until every child objective is MET. Blocking objective statuses: 3.3.9[a] = Not Yet Assessed; 3.3.9[b] = Not Yet Assessed

Assessment Objectives (2)

  • 3.3.9[a]
    Determine if: a subset of privileged users granted access to manage audit logging functionality is defined.
    Not Yet Assessed
  • 3.3.9[b]
    Determine if: management of audit logging functionality is limited to the defined subset of privileged users.
    Not Yet Assessed
📝 Assessment Methods (Examine / Interview / Test)
Examine: [SELECT FROM: Audit and accountability policy; access control policy and procedures; procedures addressing protection of audit information; security plan; system design documentation; system configuration settings and associated documentation; access authorizations; system-generated list of privileged users with access to management of audit logging functionality; access control list; system audit logs and records; other relevant documents or records].
Interview: [SELECT FROM: Personnel with audit and accountability responsibilities; personnel with information security responsibilities; system or network administrators; system developers].
Test: [SELECT FROM: Mechanisms managing access to audit logging functionality].