CMMC Practice AU.3.049: Protect audit information and audit logging tools from unauthorized access, modification, and deletion.
CMMC CLARIFICATION (Ref CMMC – Appendix B)
Audit information is a critical record of what events occurred, the source of the events, and the outcomes of the events; this information needs to be protected. This protection starts with ensuring proper configuration of logging to ensure proper space for the needed log retention. The logs must also be properly secured so that the information may not be modified or deleted, either intentionally or unintentionally. Only those with a legitimate need-to-know should have access to audit information, whether that information is being accessed directly from logs or from audit tools.