RA-5(8)

  • Requirement

    Review historic audit logs to determine if a vulnerability identified in a [Assignment: organization-defined system] has been previously exploited within an [Assignment: organization-defined time period].

  • Discussion

    Reviewing historic audit logs to determine if a recently detected vulnerability in a system has been previously exploited by an adversary can provide important information for forensic analyses. Such analyses can help identify, for example, the extent of a previous intrusion, the trade craft employed during the attack, organizational information exfiltrated or modified, mission or business capabilities affected, and the duration of the attack.

More Info

  • Title

    Vulnerability Monitoring and Scanning | Review Historic Audit Logs
  • Family

    Risk Assessment
  • NIST 800-53B Baseline(s)

    • Related NIST 800-53 ID

      AU-6;AU-11

    NIST 800-53A Assessment Guidance

    CMMC Training

    Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!