AU.2.044 Review audit logs.

CMMC Practice AU.2.044: Review audit logs.

Links to Publicly Available Resources

CMMC CLARIFICATION (Ref CMMC – Appendix B)

You should ensure that your organization reviews its audit logs. Logs should be checked regularly, organizations with small environments may be able to do this manually. The process of reviewing audit logs varies by organization. The intent of this practice is to become familiar with the logs being automatically created on the systems present in your organization and identify key events in the logs that might indicate malicious activity. Larger organizations may need automation to complete this task with success.