CMMC Practice AU.L2-3.3.6 – Reduction & Reporting: Provide audit record reduction and report generation to support on-demand analysis and reporting.
Links to Publicly Available Resources
CMMC CLARIFICATION (Ref CMMC – Appendix B)
Raw audit log data is difficult to review, analyze, and report because of the volume of data. Audit record reduction is an automated process that interprets raw audit log data and extracts meaningful and relevant information without altering the original logs. An example of log reduction for files to be analyzed would be the removal of details associated with nightly backups. Report generation on reduced log information allows you to create succinct customized reports without the need to burden the reader with unimportant information. In addition, the security relevant audit information must be made available to personnel on-demand for immediate review, analysis, reporting, and event investigation support. Peforming audit log reduction and providing on-demand reports may allow the analyst to take mitigating action before the adversary completes their malicious actions.