CMMC 1.0 Practice AU.3.046 Requirement:
Alert in the event of an audit logging process failure.
CMMC 1.0 AU.3.046 Requirement Explanation:
Audit logging process failures generally occur when the storage capacity on a syslog server is full. This means that it is no longer capturing logs sent by your other systems. Other examples include the actual syslog server itself going down due to software or hardware failures. By being alerted of failures on your syslog server enables you to quickly resolve issues without losing important event logs.
Example CMMC 1.0 AU.3.046 Implementation:
Configure your syslog server or SIEM to alert you when storage space is running low on your systlog server. Configure an alert to warn you if your syslog server is offline.
CMMC 1.0 AU.3.046 Scenario(s):
- Scenario 1:
You use a syslog server to capture the logs from all of your servers, workstations, and firewall. You receive an alert that the syslog server's hard drive is nearing capacity. If it reaches full capacity it will no longer capture new logs. To avoid this you save the old logs on another hard drive to clear space on the server.
Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:
Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.
Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.
Supply Chain Verifier
Trust is everything. Verify, monitor, and support subcontactor compliance.