CMMC 1.0 Practice AU.3.046 Requirement:
Alert in the event of an audit logging process failure.
CMMC 1.0 AU.3.046 Requirement Explanation:
Audit logging process failures generally occur when the storage capacity on a syslog server is full. This means that it is no longer capturing logs sent by your other systems. Other examples include the actual syslog server itself going down due to software or hardware failures. By being alerted of failures on your syslog server enables you to quickly resolve issues without losing important event logs.
Example CMMC 1.0 AU.3.046 Implementation:
Configure your syslog server or SIEM to alert you when storage space is running low on your systlog server. Configure an alert to warn you if your syslog server is offline.
CMMC 1.0 AU.3.046 Scenario(s):
- Scenario 1:
You use a syslog server to capture the logs from all of your servers, workstations, and firewall. You receive an alert that the syslog server's hard drive is nearing capacity. If it reaches full capacity it will no longer capture new logs. To avoid this you save the old logs on another hard drive to clear space on the server.
Discover Our Cybersecurity Complaince Solutions:
NIST SP 800-171 & CMMC Compliance
Whether you need to meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements, help your clients meet them, or verify sub-contractor compliance we have the expertise and solution for you.
Whether you need to meet and maintain your HIPAA compliance requirements or help your clients meet them we have the expertise and solution for you.