CMMC 2.0 Insights
Level 2

CMMC LEVEL 2 Overview (Show All)

Show All

Select Level

Select Domain for Level 2

Domain Name

Access Control (AC)

Audit & Accountability (AU)

Awareness & Training (AT)

Configuration Management (CM)

Identification & Authentication (IA)

Incident Response (IR)

Maintenance (MA)

Media Protection (MP)

Personnel Security (PS)

Physical Protection (PE)

Risk Assessment (RA)

Security Assessment (CA)

Systems & Communications Protection (SC)

System & Information Integrity (SI)

Practices

All This Level

"All" means all practices for this domain for both Level 2 + Level 1

DOMAIN: Audit and Accountability

Practice:AU.L2-3.3.1	CAPABILITY: C008 Perform Auditing
Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity.

Assessment NOTES: A CMMC assessor may want to review, observe, or test the following

Policy and operational procedures to determine if the organization capture audit records, protect the integrity of the audit collection process, and that retention requirements for audit records is defined.

Evidence of the content in audit logs (event types) and audit records.

Audit collection process to determine that access to the audit logs are restricted from unauthorized access.

Click here to see details (additional assessment notes available)

Practice:AU.L2-3.3.2	CAPABILITY: C007 Define audit requirements
Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions.

Assessment NOTES: A CMMC assessor may want to review, observe, or test the following

Policy and procedures related to Audit and Accountability that identifies the type of individual informaiton system user actions that can be monitored .

Evidence the company monitors the actions of individual system users pursuant to the policy above.

Evidence or system observations that demonstrate an ability to trace unauthroized system user activity.

Implementation of non-repudiation services such as digital signatures or digital message receipts.