CMMC 1.0 Practice AU.2.041 Requirement:

Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions.

CMMC 1.0 AU.2.041 Requirement Explanation:

In the event of a security incident you will need to review system logs to trace events back to a user. If your systems are not configured to capture the appropriate logs you will not be able to identify which account committed the security incident.

Example CMMC 1.0 AU.2.041 Implementation:

Your systems need to capture logs that can aid in tracing actions back to a user. Your logs should capture user IDs, source and destination IP addresses, and time stamps.

CMMC 1.0 AU.2.041 Scenario(s):

- Scenario 1:

Alice, a system administrator wants to determine which users are connecting to her network via the VPN. To accomplish this she configures her VPN to capture the following information: Username, computer/machine name, time stamp, source and destination IP address. Using the above logs she can trace VPN connections back to a specific individual.
 

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:

 /assets/images/app/complaince_accelerator.gif

Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.
 /assets/images/app/quantum_accelerator.gif

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.
 /assets/images/app/supply_chain_verifier.gif

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.