AU.L2-3.3.3 Event Review

CMMC Practice AU.L2-3.3.3 – Event Review: Review and update logged events.

Links to Publicly Available Resources

Discussion [NIST SP 800-171 R2]
The intent of this requirement is to periodically re-evaluate which logged events will continue to be included in the list of events to be logged. The event types that are logged by organizations may change over time. Reviewing and updating the set of logged event types periodically is necessary to ensure that the current set remains necessary and sufficient.

Further Discussion
This practice is focused on the configuration of the auditing system, not the review of the audit records produced by the selected events. The review of the audit logs is covered under AU.L2-3.3.5 and AU.L2-3.3.6.