CMMC Practice AT.L2-3.2.2 – Role-Based Training: Ensure that personnel are trained to carry out their assigned information security-related duties and responsibilities. Links to Publicly Available Resources CMMC Level 2 Assessment Guide This document provides...
CMMC Practice AT.L2-3.2.1 – Role-Based Risk Awareness: Ensure that managers, system administrators, and users of organizational systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and...
CMMC Practice AU.L2-3.3.6 – Reduction & Reporting: Provide audit record reduction and report generation to support on-demand analysis and reporting. Links to Publicly Available Resources CMMC Level 2 Assessment Guide This document provides assessment...
CMMC Practice AU.L2-3.3.5 – Audit Correlation: Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity. Links to Publicly Available Resources CMMC...
CMMC Practice AU.L2-3.3.9 – Audit Management: Limit management of audit logging functionality to a subset of privileged users. Links to Publicly Available Resources BrightTALK – Log Management: Achieving Compliance Objectives This video discusses common...
CMMC Practice AU.L2-3.3.8 – Audit Protection: Protect audit information and audit logging tools from unauthorized access, modification, and deletion. Links to Publicly Available Resources BrightTALK – Log Management: Achieving Compliance Objectives...
