>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

AU.L2-3.3.9Audit Management

Level 2
800-171: 3.3.9

>Control Description

Limit management of audit logging functionality to a subset of privileged users.

>Cross-Framework Mappings

NIST SP 800-171

3.3.9
Compare

SCF

MON-02
Compare
MON-08.2
Compare

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What is your policy for who can manage audit logging functionality?
  • How do you determine which users should have audit management privileges?
  • What is your process for reviewing and approving audit management access?
  • How do you monitor privileged users who manage audit systems?

Technical Implementation:

  • What access controls restrict audit management to authorized privileged users?
  • How do you technically prevent normal users from modifying audit settings?
  • What role-based permissions govern audit management functions?
  • What tools enforce separation of audit management from normal operations?
  • How do you log changes to audit configurations?

Evidence & Documentation:

  • What audit logging configuration documentation can you provide?
  • What sample audit logs demonstrate required events are logged?
  • What audit log review documentation shows periodic review?
  • What SIEM screenshots show audit log aggregation and analysis?
  • What audit retention documentation shows logs are retained per policy?
  • What evidence shows audit logs are protected from modification?

Ask AI

Configure your API key to use AI features.