AU.3.052

Content

Control Acronym

AU

Family

Audit And Accountability

CMMC Level

3

800-171 Control #

3.3.6

CMMC Description

Provide audit record reduction and report generation to support on-demand analysis and reporting.

CMMC Clarification

Raw audit log data is difficult to review, analyze, and report because of the volume of data. Audit record reduction is an automated process that interprets raw audit log data and extracts meaningful and relevant information without altering the original logs. An example of log reduction for files to be analyzed would be the removal of details associated with nightly backups. Report generation on reduced log information allows you to create succinct customized reports without the need to burden the reader with unimportant information. In addition, the security-relevant audit information must be made available to personnel on demand for immediate review, analysis, reporting, and event investigation support. Performing audit log reduction and providing on-demand reports may allow the analyst to take mitigating action before the adversary completes their malicious actions.

Example: You are in charge of IT operations in your organization. You are responsible for providing audit record reduction and report generation capability to effectively extract security-relevant information. You either purchase or develop a capability that will collect and analyze data for signs of anomalies. The system then extracts security-relevant data to provide a reduced, concise, and comprehensive view for further analysis to identify potentially malicious activity on your network. In addition to creating on-demand data sets for analysis, you create customized reports explaining the contents of the data set.

800-171 Description

Provide audit record reduction and report generation to support on-demand analysis and reporting.

800-171 Discussion

Audit record reduction is a process that manipulates collected audit information and organizes such information in a summary format that is more meaningful to analysts. Audit record reduction and report generation capabilities do not always emanate from the same system or organizational entities conducting auditing activities. Audit record reduction capability can include, for example, modern data mining techniques with advanced data filters to identify anomalous behavior in audit records. The report generation capability provided by the system can help generate customizable reports. Time ordering of audit records can be a significant issue if the granularity of the time stamp in the record is insufficient.
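A sketch of the reduction and reporting described in the CMMC Clarification and the 800-171 Discussion, added here as an illustration and not taken from CMMC or NIST material. The log format, the `svc_backup` account, the event names, and the collector-assigned sequence number are all assumptions.

```python
import hashlib
from collections import Counter
from datetime import datetime

# Constructed sample records: "timestamp seq host user event detail".
# Timestamps have one-second granularity, so several records share a value;
# the sequence number (assumed to be assigned at collection) breaks the tie.
RAW_LOG = """\
2024-03-05T02:00:01Z 104 fs01 svc_backup FILE_READ /data/cui/plan.docx
2024-03-05T02:00:01Z 103 fs01 svc_backup JOB_START nightly-backup
2024-03-05T09:14:22Z 221 ws17 jdoe LOGON_FAILED bad-password
2024-03-05T09:14:22Z 220 ws17 jdoe LOGON_FAILED bad-password
2024-03-05T09:14:23Z 222 ws17 jdoe LOGON_SUCCESS interactive
2024-03-05T09:20:40Z 230 fs01 jdoe FILE_READ /data/cui/plan.docx
2024-03-05T02:10:09Z 110 fs01 svc_backup JOB_END nightly-backup
"""

BACKUP_ACCOUNTS = {"svc_backup"}                       # hypothetical account
BACKUP_EVENTS = {"JOB_START", "JOB_END", "FILE_READ"}  # expected backup activity


def parse(line):
    ts, seq, host, user, event, detail = line.split(" ", 5)
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return {"ts": when, "seq": int(seq), "host": host,
            "user": user, "event": event, "detail": detail}


def reduce_records(raw):
    """Return (kept, dropped). The raw text is only read, never rewritten."""
    records = [parse(l) for l in raw.splitlines() if l.strip()]
    kept = [r for r in records
            if not (r["user"] in BACKUP_ACCOUNTS and r["event"] in BACKUP_EVENTS)]
    # Timestamp alone cannot order same-second records; use (ts, seq).
    kept.sort(key=lambda r: (r["ts"], r["seq"]))
    return kept, len(records) - len(kept)


def build_report(raw):
    """On-demand summary that stays traceable to the exact raw log it used."""
    kept, dropped = reduce_records(raw)
    return {
        "source_sha256": hashlib.sha256(raw.encode()).hexdigest(),
        "kept": len(kept),
        "dropped_as_backup_noise": dropped,
        "counts": dict(Counter((r["user"], r["event"]) for r in kept)),
        "order": [r["seq"] for r in kept],
    }


if __name__ == "__main__":
    print(build_report(RAW_LOG))
```

The report carries the number of dropped records and a hash of the source log, so a reviewer can see how much was filtered and go back to the unaltered original when a filtered account needs a closer look.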

Other Source Discussion

N/A

CIS Control References

NIST 800-53 Control Ref.

NIST SP 800-53 Rev 4 AU-7

CMMC Derived

NIST CSF Control References

NIST 800-171 References

NIST SP 800-171 Rev 1 3.3.6

Applicable FAR Clause

NIST CSF Control Reference

NIST CSF v1.1 RS.AN-3

CERT RMM Reference

CERT RMM v1.2 COMP:SG3.SP2

Modification of NIST 800-171B Reference

NIST 800-171B Reference

UK NCSCCyber Reference

AS ACSC Reference

Sub-Criteria

Assessment Sub-Criteria 1

AU.3.052.[a] an audit record reduction capability that supports on-demand analysis is provided; and

Assessment Sub-Criteria 2

AU.3.052.[b] a report generation capability that supports on-demand reporting is provided.
