>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

AU.L2-3.3.1System Auditing

Level 2
800-171: 3.3.1

>Control Description

Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity.

>Cross-Framework Mappings

NIST SP 800-171

3.3.1
Compare

SCF

MON-02
Compare
MON-10
Compare

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What is your audit logging policy and what events are required to be logged?
  • How do you determine audit log retention requirements?
  • Who is responsible for defining and maintaining audit logging requirements?
  • How often do you review audit logging policies for adequacy?
  • What governance process ensures audit requirements are implemented consistently?

Technical Implementation:

  • What systems and tools generate audit logs (SIEM, OS logs, application logs)?
  • How are audit logs centrally collected and stored?
  • What events are technically configured to be logged?
  • How do you ensure audit logs cannot be modified or deleted?
  • What technologies provide tamper-evident audit logging?
  • What log retention mechanisms implement your retention policy?

Evidence & Documentation:

  • What audit logging configuration documentation can you provide?
  • What sample audit logs demonstrate required events are logged?
  • What audit log review documentation shows periodic review?
  • What SIEM screenshots show audit log aggregation and analysis?
  • What audit retention documentation shows logs are retained per policy?
  • What evidence shows audit logs are protected from modification?

Ask AI

Configure your API key to use AI features.