NIST SP 800-171 & CMMC 2.0 Control 3.3.2 Requirement:

Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions.

NIST SP 800-171 & CMMC 2.0 3.3.2 Requirement Explanation:

In the event of a security incident you will need to review system logs to trace events back to a user. If your systems are not configured to capture the appropriate logs you will not be able to identify which account committed the security incident. Collecting the necessary information in audit logs allows you to trace actions to a specific user. Collected logs may include user IDs, source and destination addresses, and time stamps. Logs should be collected from from network devices, servers, computers, and cloud resources.

Example NIST SP 800-171 & CMMC 2.0 3.3.2 Implementation:

Your systems need to capture logs that can aid in tracing actions back to a user. Your logs should capture user IDs, source and destination IP addresses, and time stamps.

NIST SP 800-171 & CMMC 2.0 3.3.2 Scenario(s):

- Scenario 1:

Alice, a system administrator wants to determine which users are connecting to her network via the VPN. To accomplish this she configures her VPN to capture the following information: Username, computer/machine name, time stamp, source and destination IP address. Using the above logs she can trace VPN connections back to a specific individual.

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.