3.3.8

  • Requirement

    Protect audit information and audit logging tools from unauthorized access, modification, and deletion.

  • Discussion

    Audit information includes all information (e.g., audit records, audit log settings, and audit reports) needed to successfully audit system activity. Audit logging tools are those programs and devices used to conduct audit and logging activities. This requirement focuses on the technical protection of audit information and limits the ability to access and execute audit logging tools to authorized individuals. Physical protection of audit information is addressed by media protection and physical and environmental protection requirements.

More Info

  • Family

    Audit and Accountability
  • DoD Scoring Methodology Points

    1
  • Related CMMC ID

  • Related NIST 800-53 ID

    AU-9
  • Reference Documents

    • N/A

NIST 800-171A Assessment Guidance

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!