Environmental Protection Agency – Audit and Accountability Procedure
3.3 3.3.4 Audit and Accountability
https://www.epa.gov/system/files/documents/2023-06/information_security_audit_and_accountability_procedures.pdf
This example procedure from the EPA shows how the agency implements the security control requirements for the Audit and Accountability (AU) control family, as identified in NIST SP 800-53.
https://logz.io/learn/complete-guide-elk-stack/
This article from logz.io defines the ELK Stack and covers its importance, installation and configuration.
https://www.cynet.com/incident-response/incident-response-sans-the-6-steps-in-depth/
SANS checklist for reviewing critical logs when responding to a security incident or for routine log review.
https://support.solarwinds.com/SuccessCenter/s/article/Audit-Policies-and-Best-Practices-for-LEM?language=en_US
Best practices for Windows audit log monitoring and the different types of Windows audit logs.
YouTube – CMMC 2.0 Control AU.L2-3.3.4 – Alert in the Event of an Audit Logging Process Failure
3.3 3.3.4 Audit and Accountability
https://www.youtube.com/watch?v=69uZ6j9Fdgg
This video provides an in-depth explanation of alerting in the event of an audit logging process failure.