CMMC 1.0 Practice AU.2.042 Requirement:

Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity.

CMMC 1.0 AU.2.042 Requirement Explanation:

If a security incident occurs on your systems you will need to investigate it. To effectively investigate you will need to review audit logs. This can only be done if your systems are configured to keep important system and security logs. If you are unsure of what to capture you can use DISA STIGs as guidance.

Example CMMC 1.0 AU.2.042 Implementation:

Configure your systems need to keep audit logs especially security logs. You can use DISA STIGs to help determine which additional events to log. For example, the STIG for Windows 10 lists many audit log settings that you can implement on Windows 10.

CMMC 1.0 AU.2.042 Scenario(s):

- Scenario 1:

Alice, a system administrator wants to capture important logs on her company's Windows 10 workstations. She is doing this so that in the event of a security incident she can conduct an investigation. She decides to implement the audit log settings recommended in DISA's Windows 10 security technical implementation guide (STIG).

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.