CMMC Practice AU.L2-3.3.3 – Event Review: Review and update logged events.
Links to Publicly Available Resources
CMMC CLARIFICATION (Ref CMMC – Appendix B)
Organizations should periodically review logged events that identify possible security incidents, and the organization should update the list of events that need to be logged as necessary. Non-security events that should have logging requirements reviewed include 1) logging all installed software on endpoints to identify license irregularities or 2) logging connections to a VPN server or load balancer to manage capacity and quality of service.