AU.3.048

Content

Control Acronym

AU

Family

Audit And Accountability

CMMC Level

3

800-171 Control #

N/A

CMMC Description

Collect audit information (e.g., logs) into one or more central repositories.

CMMC Clarification

Aggregate and store audit logs in a centralized location or locations within the organization. Storing audit logs in a centralized location supports orchestration, automation, correlation, and analysis activities by enabling a full picture of the audit logs, and can support automated analysis capabilities including correlation of events across the enterprise. Ensure that the central repository has the appropriate infrastructure, including protection mechanisms, and the capacity level to meet the logging requirements of the organization.

Example: You are in charge of IT operations in your organization. Your responsibilities include reviewing audit logs. You consolidate all audit logs in a common format and into a centralized logging infrastructure that may consist of one or more servers. By doing this, you enable centralized analysis of your audit logs. This increases situational awareness across your network. In addition, you are able to better protect your audit logs by storing them in one centralized location.

800-171 Description

800-171 Discussion

N/A

Other Source Discussion

Aggregate and store audit logs in a central location. Central repositories enable analysis by storing audit record content needed for analysis in a common location and format. Storing audit logs in central repositories also protects audit information. The repository has the available infrastructure, capacity, and protection mechanisms to meet the organization’s audit requirements. Policy and local laws may place requirements on the location and structure of the repositories.

CIS Control References

CIS Controls v7.1 6.5

NIST 800-53 Control Ref.

NIST SP 800-53 Rev 4 AU-6(4)

CMMC Derived

CMMC

NIST CSF Control References

NIST 800-171 References

Applicable FAR Clause

NIST CSF Control Reference

CERT RMM Reference

CERT RMM v1.2 COMP:SG3.SP1

Modification of NIST 800-171B Reference

NIST 800-171B Reference

UK NCSC Cyber Reference

AS ACSC Reference

Sub-Criteria

Assessment Sub-Criteria 1

AU.3.048.[a] the organization defines information system components that generate audit records whose content is to be centrally managed and configured;

Assessment Sub-Criteria 2

AU.3.048.[b] the organization manages audit information in centralized repositories; and

Assessment Sub-Criteria 3

AU.3.048.[c] the central repositories have the appropriate infrastructure and capacity to meet the organizationally defined logging requirements.
