CMMC Deep Dive: Audit and Accountability (AU)
A guide to the Audit and Accountability (AU) domain, covering system logging, monitoring, and retaining records.
Published: June 25th, 2024 | By: CMMC Dashboard Team | Last updated: August 7th, 2025
Audit and Accountability, AU, Logging, SIEM
This article is part of our series on The 14 CMMC Domains.
The Audit and Accountability (AU) domain is about creating a detailed record of system activity to ensure that actions can be traced back to individuals. It's the security camera system for your digital environment.
Why It Matters
Effective auditing is crucial for detecting unauthorized activity, investigating security incidents, and holding individuals accountable for their actions. Without audit logs, it's nearly impossible to reconstruct the events of a breach.
Key Practices
- AU.L2-3.3.1: Create and retain system audit logs and records.
- AU.L2-3.3.2: Ensure the actions of individual users can be uniquely traced.
- AU.L2-3.3.5: Correlate audit log review and reporting processes for investigation and response.
- AU.L2-3.3.8: Protect audit information and tools from unauthorized access, modification, and deletion.
What Assessors Look For
- An audit and accountability policy.
- System configurations demonstrating that logging is enabled for key events.
- Evidence that logs are reviewed regularly.
- Proof that logs are protected from tampering and retained according to policy.
- Demonstration of synchronized system clocks (NTP).