CMMC Audit & Accountability Domain Explained
In this post we explain the CMMC audit & accountability domain and its associated requirements.
The audit & accountability domain has four capability requirements and a total of fourteen practices.
What does Audit & Accountability Mean?
Audit - Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures.
Accountability - The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports nonrepudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action.
Audit and Accountability Domain Explained
The goal of the audit and accountability domain is to record system and security logs that support the monitoring, investigation, and reporting of system activity. It also seeks to ensure that audit log entries can be traced back to individual users so that they can be held accountable for their actions.
What are the CMMC Audit & Accountability Domain Capabilities?
- C007: Define audit requirements
- C008: Perform auditing
- C009: Identify and protect audit information
- C010: Review and manage audit logs
Examples of Audit and Accountability
Examples of audit and accountability requirements include: audit events, time stamps, nonrepudiation, protection of audit information, audit record retention, and session audit. These allow you to trace events back to a specific user, device, or process.