Back to Control Explorer



Control Acronym



Audit And Accountability

CMMC Level


800-171 Control #


CMMC Description

Collect audit information (e.g., logs) into one or more central repositories.

CMMC Clarification

Aggregate and store audit logs in a centralized location or locations within the organization. Storing audit logs in a centralized location supports orchestration, automation, correlation, and analysis activities by enabling a full picture of the audit logs, and can support automated analysis capabilities including correlation of events across the enterprise. Ensure that the central repository has the appropriate infrastructure, including protection mechanisms, and the capacity level to meet the logging requirements of the organization. Example You are in charge of IT operations in your organization. Your responsibilities include reviewing audit logs. You consolidate all audit logs in a common format and into a centralized logging infrastructure that may consist of one or more servers. By doing this, you enable centralized analysis of your audit logs. This increases situational awareness across your network. In addition, you are able to better protect your audit logs by storing them in one centralized location.

800-171 Description

800-171 Discussion


Other Source Discussion

Aggregate and store audit logs in a central location. Central repositories enable analysis by storing audit record content needed for analysis in a common location and format. Storing audit logs in central repositories also protects audit information. The repository has the available infrastructure, capacity, and protection mechanisms to meet the organization’s audit requirements. Policy and local laws may place requirements on the location and structure of the repositories.

CIS Control References

CIS Controls v7.1 6.5

NIST 800-53 Control Ref.

NIST SP 800-53 Rev 4 AU-6(4)

CMMC Derived


NIST CSF Control References

NIST 800-171 References

Applicable FAR Clause

NIST CSF Control Reference

CERT RMM Reference


Modification of NIST 800-171B Reference

NIST 800-171B Reference

UK NCSCCyber Reference

AS ACSC Reference


Assessment Sub-Criteria 1

AU.3.048.[a] the organization defines information system components that generate audit records whose content is to be centrally managed and configured;

Assessment Sub-Criteria 2

AU.3.048.[b] the organization manages audit information in centralized repositories; and

Assessment Sub-Criteria 3

AU.3.048.[c] the central repositories have the appropriate infrastructure and capacity to meet the organizationally defined logging requirements.

Assessment Sub-Criteria 4

Assessment Sub-Criteria 5

Assessment Sub-Criteria 6

Assessment Sub-Criteria 7

Assessment Sub-Criteria 8

Assessment Sub-Criteria 9

Assessment Sub-Criteria 10

Assessment Sub-Criteria 11

Assessment Sub-Criteria 12

Assessment Sub-Criteria 13

Assessment Sub-Criteria 14

Assessment Sub-Criteria 15