>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

3.3.3Audit and Accountability - Derived

Derived Requirement

>Control Description

Review and update logged events.

>Discussion

The intent of this requirement is to periodically re-evaluate which logged events will continue to be included in the list of events to be logged. The event types that are logged by organizations may change over time. Reviewing and updating the set of logged event types periodically is necessary to ensure that the current set remains necessary and sufficient.

>Cross-Framework Mappings

CMMC

AU.L2-3.3.3
Compare

SCF

CFG-02
Compare
CFG-02.1
Compare
CFG-02.9
Compare
MON-01
Compare
MON-01.16
Compare
MON-01.8
Compare
MON-02
Compare

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies govern insider threat training and awareness?
  • What insider threat indicators are covered in training?
  • How often is insider threat training delivered?
  • Who is responsible for insider threat awareness programs?
  • What procedures address reporting potential insider threats?

Technical Implementation:

  • What insider threat detection technologies are deployed?
  • How do you monitor user behavior for insider threat indicators?
  • What user activity monitoring tools are implemented?
  • How are insider threat alerts generated and triaged?
  • What mechanisms correlate multiple insider threat indicators?

Evidence & Documentation:

  • Can you provide insider threat training materials?
  • What documentation shows insider threat awareness topics covered?
  • Can you demonstrate insider threat program effectiveness?
  • What incident reports show insider threat detection and response?
  • What audit evidence verifies insider threat training delivery?

Ask AI

Configure your API key to use AI features.