CM-5(1)—Automated Access Enforcement And Audit Records
HIGH
>Control Description
a. Enforce access restrictions using [Assignment: organization-defined automated mechanisms]; and b. Automatically generate audit records of the enforcement actions.
>Supplemental Guidance
Organizations log system accesses associated with applying configuration changes to ensure that configuration change control is implemented and to support after-the-fact actions should organizations discover any unauthorized changes.