Audit & Accountability
Audit & Accountability is about proof. When the assessor asks “who did what and when?” — your logs must answer.
The Three Themes
Section titled “The Three Themes”Create and Retain (3.3.1–3.3.3) — Turn on logging across all CUI systems, define what to capture, keep logs long enough to investigate, and review your logging config as threats evolve.
Correlate and Report (3.3.4–3.3.7) — Alert when logging breaks, correlate across sources to spot attack patterns, search and report on demand, and synchronize clocks so timestamps are reliable.
Protect the Logs (3.3.8–3.3.9) — Make logs tamper-proof and limit who can configure the logging system itself.
All 9 Requirements
Section titled “All 9 Requirements”| Ref | Short Name | What It Covers |
|---|---|---|
| 3.3.1 | Log Everything | Create and retain audit logs across all CUI systems |
| 3.3.2 | Trace Every Action | Every action ties to a named individual |
| 3.3.3 | Review What You Log | Periodically review and update logging configuration |
| 3.3.4 | Alert When Logging Breaks | Immediate notification on logging failures |
| 3.3.5 | Connect the Dots | Correlate logs from multiple sources |
| 3.3.6 | Search and Report | On-demand log search, filtering, and reporting |
| 3.3.7 | Sync the Clocks | NTP synchronization for consistent timestamps |
| 3.3.8 | Tamper-Proof Logs | Protect logs from modification and deletion |
| 3.3.9 | Limit Who Manages Logs | Only designated personnel configure logging |