| Control Group | Control ID | Control Name | Control Definition | Assessment Objective ID | Assessment Objective Definition | NIST Reference (per CMMC L2 Assessment Guide) | FAR Clause Reference (per CMMC L2 Assessment Guide) |
|---|---|---|---|---|---|---|---|
| Access Control | AC.L2-3.1.1 | Authorized Access Control [CUI Data] | Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems) | a | Determine if authorized users are identified | NIST SP 800-171 Rev. 2 3.1.1 | FAR Clause 52.204-21 b.1.i |
| Access Control | AC.L2-3.1.1 | Authorized Access Control [CUI Data] | Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems) | b | Determine if processes acting on behalf of authorized users are identified | NIST SP 800-171 Rev. 2 3.1.1 | FAR Clause 52.204-21 b.1.i |
| Access Control | AC.L2-3.1.1 | Authorized Access Control [CUI Data] | Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems) | c | Determine if devices (and other systems) authorized to connect to the system are identified | NIST SP 800-171 Rev. 2 3.1.1 | FAR Clause 52.204-21 b.1.i |
| Access Control | AC.L2-3.1.1 | Authorized Access Control [CUI Data] | Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems) | d | Determine if system access is limited to authorized users | NIST SP 800-171 Rev. 2 3.1.1 | FAR Clause 52.204-21 b.1.i |
| Access Control | AC.L2-3.1.1 | Authorized Access Control [CUI Data] | Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems) | e | Determine if system access is limited to processes acting on behalf of authorized users | NIST SP 800-171 Rev. 2 3.1.1 | FAR Clause 52.204-21 b.1.i |
| Access Control | AC.L2-3.1.1 | Authorized Access Control [CUI Data] | Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems) | f | Determine if system access is limited to authorized devices (including other systems) | NIST SP 800-171 Rev. 2 3.1.1 | FAR Clause 52.204-21 b.1.i |
| Access Control | AC.L2-3.1.2 | Transaction & Function Control | Limit system access to the types of transactions and functions that authorized users are permitted to execute | a | Determine if the types of transactions and functions that authorized users are permitted to execute are defined | NIST SP 800-171 Rev. 2 3.1.2 | FAR Clause 52.204-21 b.1.ii |
| Access Control | AC.L2-3.1.2 | Transaction & Function Control | Limit system access to the types of transactions and functions that authorized users are permitted to execute | b | Determine if system access is limited to the defined types of transactions and functions for authorized users | NIST SP 800-171 Rev. 2 3.1.2 | FAR Clause 52.204-21 b.1.ii |
| Access Control | AC.L2-3.1.3 | Control CUI Flow | Control the flow of CUI in accordance with approved authorizations | a | Determine if information flow control policies are defined | NIST SP 800-171 Rev. 2 3.1.3 | |
| Access Control | AC.L2-3.1.3 | Control CUI Flow | Control the flow of CUI in accordance with approved authorizations | b | Determine if methods and enforcement mechanisms for controlling the flow of CUI are defined | NIST SP 800-171 Rev. 2 3.1.3 | |
| Access Control | AC.L2-3.1.3 | Control CUI Flow | Control the flow of CUI in accordance with approved authorizations | c | Determine if designated sources and destinations (e.g., networks, individuals, and devices) for CUI within the system and between interconnected systems are identified | NIST SP 800-171 Rev. 2 3.1.3 | |
| Access Control | AC.L2-3.1.3 | Control CUI Flow | Control the flow of CUI in accordance with approved authorizations | d | Determine if authorizations for controlling the flow of CUI are defined | NIST SP 800-171 Rev. 2 3.1.3 | |
| Access Control | AC.L2-3.1.3 | Control CUI Flow | Control the flow of CUI in accordance with approved authorizations | e | Determine if approved authorizations for controlling the flow of CUI are enforced | NIST SP 800-171 Rev. 2 3.1.3 | |
| Access Control | AC.L2-3.1.4 | Separation of Duties | Separate the duties of individuals to reduce the risk of malevolent activity without collusion | a | Determine if the duties of individuals requiring separation are defined | NIST SP 800-171 Rev. 2 3.1.4 | |
| Access Control | AC.L2-3.1.4 | Separation of Duties | Separate the duties of individuals to reduce the risk of malevolent activity without collusion | b | Determine if responsibilities for duties that require separation are assigned to separate individuals | NIST SP 800-171 Rev. 2 3.1.4 | |
| Access Control | AC.L2-3.1.4 | Separation of Duties | Separate the duties of individuals to reduce the risk of malevolent activity without collusion | c | Determine if access privileges that enable individuals to exercise the duties that require separation are granted to separate individuals | NIST SP 800-171 Rev. 2 3.1.4 | |
| Access Control | AC.L2-3.1.5 | Least Privilege | Employ the principle of least privilege, including for specific security functions and privileged accounts | a | Determine if privileged accounts are identified | NIST SP 800-171 Rev. 2 3.1.5 | |
| Access Control | AC.L2-3.1.5 | Least Privilege | Employ the principle of least privilege, including for specific security functions and privileged accounts | b | Determine if access to privileged accounts is authorized in accordance with the principle of least privilege | NIST SP 800-171 Rev. 2 3.1.5 | |
| Access Control | AC.L2-3.1.5 | Least Privilege | Employ the principle of least privilege, including for specific security functions and privileged accounts | c | Determine if security functions are identified | NIST SP 800-171 Rev. 2 3.1.5 | |
| Access Control | AC.L2-3.1.5 | Least Privilege | Employ the principle of least privilege, including for specific security functions and privileged accounts | d | Determine if access to security functions is authorized in accordance with the principle of least privilege | NIST SP 800-171 Rev. 2 3.1.5 | |
| Access Control | AC.L2-3.1.6 | Non-Privileged Account Use | Use non-privileged accounts or roles when accessing nonsecurity functions | a | Determine if nonsecurity functions are identified | NIST SP 800-171 Rev. 2 3.1.6 | |
| Access Control | AC.L2-3.1.6 | Non-Privileged Account Use | Use non-privileged accounts or roles when accessing nonsecurity functions | b | Determine if users are required to use non-privileged accounts or roles when accessing nonsecurity functions | NIST SP 800-171 Rev. 2 3.1.6 | |
| Access Control | AC.L2-3.1.7 | Privileged Functions | Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs | a | Determine if privileged functions are defined | NIST SP 800-171 Rev. 2 3.1.7 | |
| Access Control | AC.L2-3.1.7 | Privileged Functions | Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs | b | Determine if non-privileged users are defined | NIST SP 800-171 Rev. 2 3.1.7 | |
| Access Control | AC.L2-3.1.7 | Privileged Functions | Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs | c | Determine if non-privileged users are prevented from executing privileged functions | NIST SP 800-171 Rev. 2 3.1.7 | |
| Access Control | AC.L2-3.1.7 | Privileged Functions | Prevent non-privileged users from executing privileged functions and capture the execution of such functions in audit logs | d | Determine if the execution of privileged functions is captured in audit logs | NIST SP 800-171 Rev. 2 3.1.7 | |
| Access Control | AC.L2-3.1.8 | Unsuccessful Logon Attempts | Limit unsuccessful logon attempts | a | Determine if the means of limiting unsuccessful logon attempts is defined | NIST SP 800-171 Rev. 2 3.1.8 | |
| Access Control | AC.L2-3.1.8 | Unsuccessful Logon Attempts | Limit unsuccessful logon attempts | b | Determine if the defined means of limiting unsuccessful logon attempts is implemented | NIST SP 800-171 Rev. 2 3.1.8 | |
| Access Control | AC.L2-3.1.9 | Privacy & Security Notices | Provide privacy and security notices consistent with applicable CUI rules | a | Determine if privacy and security notices required by CUI-specified rules are identified, consistent, and associated with the specific CUI category | NIST SP 800-171 Rev. 2 3.1.9 | |
| Access Control | AC.L2-3.1.9 | Privacy & Security Notices | Provide privacy and security notices consistent with applicable CUI rules | b | Determine if privacy and security notices are displayed | NIST SP 800-171 Rev. 2 3.1.9 | |
| Access Control | AC.L2-3.1.10 | Session Lock | Use session lock with pattern-hiding displays to prevent access and viewing of data after a period of inactivity | a | Determine if the period of inactivity after which the system initiates a session lock is defined | NIST SP 800-171 Rev. 2 3.1.10 | |
| Access Control | AC.L2-3.1.10 | Session Lock | Use session lock with pattern-hiding displays to prevent access and viewing of data after a period of inactivity | b | Determine if access to the system and viewing of data is prevented by initiating a session lock after the defined period of inactivity | NIST SP 800-171 Rev. 2 3.1.10 | |
| Access Control | AC.L2-3.1.10 | Session Lock | Use session lock with pattern-hiding displays to prevent access and viewing of data after a period of inactivity | c | Determine if previously visible information is concealed via a pattern-hiding display after the defined period of inactivity | NIST SP 800-171 Rev. 2 3.1.10 | |
| Access Control | AC.L2-3.1.11 | Session Termination | Terminate (automatically) a user session after a defined condition | a | Determine if conditions requiring a user session to terminate are defined | NIST SP 800-171 Rev. 2 3.1.11 | |
| Access Control | AC.L2-3.1.11 | Session Termination | Terminate (automatically) a user session after a defined condition | b | Determine if a user session is automatically terminated after any of the defined conditions occur | NIST SP 800-171 Rev. 2 3.1.11 | |
| Access Control | AC.L2-3.1.12 | Control Remote Access | Monitor and control remote access sessions | a | Determine if remote access sessions are permitted | NIST SP 800-171 Rev. 2 3.1.12 | |
| Access Control | AC.L2-3.1.12 | Control Remote Access | Monitor and control remote access sessions | b | Determine if the types of permitted remote access are identified | NIST SP 800-171 Rev. 2 3.1.12 | |
| Access Control | AC.L2-3.1.12 | Control Remote Access | Monitor and control remote access sessions | c | Determine if remote access sessions are controlled | NIST SP 800-171 Rev. 2 3.1.12 | |
| Access Control | AC.L2-3.1.12 | Control Remote Access | Monitor and control remote access sessions | d | Determine if remote access sessions are monitored | NIST SP 800-171 Rev. 2 3.1.12 | |
| Access Control | AC.L2-3.1.13 | Remote Access Confidentiality | Employ cryptographic mechanisms to protect the confidentiality of remote access sessions | a | Determine if cryptographic mechanisms to protect the confidentiality of remote access sessions are identified | NIST SP 800-171 Rev. 2 3.1.13 | |
| Access Control | AC.L2-3.1.13 | Remote Access Confidentiality | Employ cryptographic mechanisms to protect the confidentiality of remote access sessions | b | Determine if cryptographic mechanisms to protect the confidentiality of remote access sessions are implemented | NIST SP 800-171 Rev. 2 3.1.13 | |
| Access Control | AC.L2-3.1.14 | Remote Access Routing | Route remote access via managed access control points | a | Determine if managed access control points are identified and implemented | NIST SP 800-171 Rev. 2 3.1.14 | |
| Access Control | AC.L2-3.1.14 | Remote Access Routing | Route remote access via managed access control points | b | Determine if remote access is routed through managed network access control points | NIST SP 800-171 Rev. 2 3.1.14 | |
| Access Control | AC.L2-3.1.15 | Privileged Remote Access | Authorize remote execution of privileged commands and remote access to security-relevant information | a | Determine if privileged commands authorized for remote execution are identified | NIST SP 800-171 Rev. 2 3.1.15 | |
| Access Control | AC.L2-3.1.15 | Privileged Remote Access | Authorize remote execution of privileged commands and remote access to security-relevant information | b | Determine if security-relevant information authorized to be accessed remotely is identified | NIST SP 800-171 Rev. 2 3.1.15 | |
| Access Control | AC.L2-3.1.15 | Privileged Remote Access | Authorize remote execution of privileged commands and remote access to security-relevant information | c | Determine if the execution of the identified privileged commands via remote access is authorized | NIST SP 800-171 Rev. 2 3.1.15 | |
| Access Control | AC.L2-3.1.15 | Privileged Remote Access | Authorize remote execution of privileged commands and remote access to security-relevant information | d | Determine if access to the identified security-relevant information via remote access is authorized | NIST SP 800-171 Rev. 2 3.1.15 | |
| Access Control | AC.L2-3.1.16 | Wireless Access Authorization | Authorize wireless access prior to allowing such connections | a | Determine if wireless access points are identified | NIST SP 800-171 Rev. 2 3.1.16 | |
| Access Control | AC.L2-3.1.16 | Wireless Access Authorization | Authorize wireless access prior to allowing such connections | b | Determine if wireless access is authorized prior to allowing such connections | NIST SP 800-171 Rev. 2 3.1.16 | |
| Access Control | AC.L2-3.1.17 | Wireless Access Protection | Protect wireless access using authentication and encryption | a | Determine if wireless access to the system is protected using authentication | NIST SP 800-171 Rev. 2 3.1.17 | |
| Access Control | AC.L2-3.1.17 | Wireless Access Protection | Protect wireless access using authentication and encryption | b | Determine if wireless access to the system is protected using encryption | NIST SP 800-171 Rev. 2 3.1.17 | |
| Access Control | AC.L2-3.1.18 | Mobile Device Connection | Control connection of mobile devices | a | Determine if mobile devices that process, store, or transmit CUI are identified | NIST SP 800-171 Rev. 2 3.1.18 | |
| Access Control | AC.L2-3.1.18 | Mobile Device Connection | Control connection of mobile devices | b | Determine if mobile device connections are authorized | NIST SP 800-171 Rev. 2 3.1.18 | |
| Access Control | AC.L2-3.1.18 | Mobile Device Connection | Control connection of mobile devices | c | Determine if mobile device connections are monitored and logged | NIST SP 800-171 Rev. 2 3.1.18 | |
| Access Control | AC.L2-3.1.19 | Encrypt CUI on Mobile | Encrypt CUI on mobile devices and mobile computing platforms | a | Determine if mobile devices and mobile computing platforms that process, store, or transmit CUI are identified | NIST SP 800-171 Rev. 2 3.1.19 | |
| Access Control | AC.L2-3.1.19 | Encrypt CUI on Mobile | Encrypt CUI on mobile devices and mobile computing platforms | b | Determine if encryption is employed to protect CUI on identified mobile devices and mobile computing platforms | NIST SP 800-171 Rev. 2 3.1.19 | |
| Access Control | AC.L2-3.1.20 | External Connections [CUI Data] | Verify and control/limit connections to and use of external systems | a | Determine if connections to external systems are identified | NIST SP 800-171 Rev. 2 3.1.20 | FAR Clause 52.204-21 b.1.iii |
| Access Control | AC.L2-3.1.20 | External Connections [CUI Data] | Verify and control/limit connections to and use of external systems | b | Determine if the use of external systems is identified | NIST SP 800-171 Rev. 2 3.1.20 | FAR Clause 52.204-21 b.1.iii |
| Access Control | AC.L2-3.1.20 | External Connections [CUI Data] | Verify and control/limit connections to and use of external systems | c | Determine if connections to external systems are verified | NIST SP 800-171 Rev. 2 3.1.20 | FAR Clause 52.204-21 b.1.iii |
| Access Control | AC.L2-3.1.20 | External Connections [CUI Data] | Verify and control/limit connections to and use of external systems | d | Determine if the use of external systems is verified | NIST SP 800-171 Rev. 2 3.1.20 | FAR Clause 52.204-21 b.1.iii |
| Access Control | AC.L2-3.1.20 | External Connections [CUI Data] | Verify and control/limit connections to and use of external systems | e | Determine if connections to external systems are controlled/limited | NIST SP 800-171 Rev. 2 3.1.20 | FAR Clause 52.204-21 b.1.iii |
| Access Control | AC.L2-3.1.20 | External Connections [CUI Data] | Verify and control/limit connections to and use of external systems | f | Determine if the use of external systems is controlled/limited | NIST SP 800-171 Rev. 2 3.1.20 | FAR Clause 52.204-21 b.1.iii |
| Access Control | AC.L2-3.1.21 | Portable Storage Use | Limit use of portable storage devices on external systems | a | Determine if the use of portable storage devices containing CUI on external systems is identified and documented | NIST SP 800-171 Rev. 2 3.1.21 | |
| Access Control | AC.L2-3.1.21 | Portable Storage Use | Limit use of portable storage devices on external systems | b | Determine if limits on the use of portable storage devices containing CUI on external systems are defined | NIST SP 800-171 Rev. 2 3.1.21 | |
| Access Control | AC.L2-3.1.21 | Portable Storage Use | Limit use of portable storage devices on external systems | c | Determine if the use of portable storage devices containing CUI on external systems is limited as defined | NIST SP 800-171 Rev. 2 3.1.21 | |
| Access Control | AC.L2-3.1.22 | Control Public Information [CUI Data] | Control CUI posted or processed on publicly accessible systems | a | Determine if individuals authorized to post or process information on publicly accessible systems are identified | NIST SP 800-171 Rev. 2 3.1.22 | FAR Clause 52.204-21 b.1.iv |
| Access Control | AC.L2-3.1.22 | Control Public Information [CUI Data] | Control CUI posted or processed on publicly accessible systems | b | Determine if procedures to ensure CUI is not posted or processed on publicly accessible systems are identified | NIST SP 800-171 Rev. 2 3.1.22 | FAR Clause 52.204-21 b.1.iv |
| Access Control | AC.L2-3.1.22 | Control Public Information [CUI Data] | Control CUI posted or processed on publicly accessible systems | c | Determine if a review process is in place prior to posting of any content to publicly accessible systems | NIST SP 800-171 Rev. 2 3.1.22 | FAR Clause 52.204-21 b.1.iv |
| Access Control | AC.L2-3.1.22 | Control Public Information [CUI Data] | Control CUI posted or processed on publicly accessible systems | d | Determine if content on publicly accessible systems is reviewed to ensure that it does not include CUI | NIST SP 800-171 Rev. 2 3.1.22 | FAR Clause 52.204-21 b.1.iv |
| Access Control | AC.L2-3.1.22 | Control Public Information [CUI Data] | Control CUI posted or processed on publicly accessible systems | e | Determine if mechanisms are in place to remove and address improper posting of CUI | NIST SP 800-171 Rev. 2 3.1.22 | FAR Clause 52.204-21 b.1.iv |
| Awareness and Training | AT.L2-3.2.1 | Role-Based Risk Awareness | Ensure that managers, systems administrators, and users of organizational systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of those systems | a | Determine if security risks associated with organizational activities involving CUI are identified | NIST SP 800-171 Rev. 2 3.2.1 | |
| Awareness and Training | AT.L2-3.2.1 | Role-Based Risk Awareness | Ensure that managers, systems administrators, and users of organizational systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of those systems | b | Determine if policies, standards, and procedures related to the security of the system are identified | NIST SP 800-171 Rev. 2 3.2.1 | |
| Awareness and Training | AT.L2-3.2.1 | Role-Based Risk Awareness | Ensure that managers, systems administrators, and users of organizational systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of those systems | c | Determine if managers, systems administrators, and users of the system are made aware of the security risks associated with their activities | NIST SP 800-171 Rev. 2 3.2.1 | |
| Awareness and Training | AT.L2-3.2.1 | Role-Based Risk Awareness | Ensure that managers, systems administrators, and users of organizational systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of those systems | d | Determine if managers, systems administrators, and users of the system are made aware of the applicable policies, standards, and procedures related to the security of the system | NIST SP 800-171 Rev. 2 3.2.1 | |
| Awareness and Training | AT.L2-3.2.2 | Role-Based Training | Ensure that personnel are trained to carry out their assigned information security-related duties and responsibilities | a | Determine if information security-related duties, roles, and responsibilities are defined | NIST SP 800-171 Rev. 2 3.2.2 | |
| Awareness and Training | AT.L2-3.2.2 | Role-Based Training | Ensure that personnel are trained to carry out their assigned information security-related duties and responsibilities | b | Determine if information security-related duties, roles, and responsibilities are assigned to designated personnel | NIST SP 800-171 Rev. 2 3.2.2 | |
| Awareness and Training | AT.L2-3.2.2 | Role-Based Training | Ensure that personnel are trained to carry out their assigned information security-related duties and responsibilities | c | Determine if personnel are adequately trained to carry out their assigned information security-related duties, roles, and responsibilities | NIST SP 800-171 Rev. 2 3.2.2 | |
| Awareness and Training | AT.L2-3.2.3 | Insider Threat Awareness | Provide security awareness training on recognizing and reporting potential indicators of insider threat | a | Determine if potential indicators associated with insider threats are identified | NIST SP 800-171 Rev. 2 3.2.3 | |
| Awareness and Training | AT.L2-3.2.3 | Insider Threat Awareness | Provide security awareness training on recognizing and reporting potential indicators of insider threat | b | Determine if security awareness training on recognizing and reporting potential indicators of insider threat is provided to managers and employees | NIST SP 800-171 Rev. 2 3.2.3 | |
| Audit and Accountability | AU.L2-3.3.1 | System Auditing | Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity | a | Determine if audit logs needed (i.e., event types to be logged) to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity are specified | NIST SP 800-171 Rev. 2 3.3.1 | |
| Audit and Accountability | AU.L2-3.3.1 | System Auditing | Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity | b | Determine if the content of audit records needed to support monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity is defined | NIST SP 800-171 Rev. 2 3.3.1 | |
| Audit and Accountability | AU.L2-3.3.1 | System Auditing | Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity | c | Determine if audit records are created (generated) | NIST SP 800-171 Rev. 2 3.3.1 | |
| Audit and Accountability | AU.L2-3.3.1 | System Auditing | Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity | d | Determine if audit records, once created, contain the defined content | NIST SP 800-171 Rev. 2 3.3.1 | |
| Audit and Accountability | AU.L2-3.3.1 | System Auditing | Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity | e | Determine if retention requirements for audit records are defined | NIST SP 800-171 Rev. 2 3.3.1 | |
| Audit and Accountability | AU.L2-3.3.1 | System Auditing | Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity | f | Determine if audit records are retained as defined | NIST SP 800-171 Rev. 2 3.3.1 | |
| Audit and Accountability | AU.L2-3.3.2 | User Accountability | Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions | a | Determine if the content of the audit records needed to support the ability to uniquely trace users to their actions is defined | NIST SP 800-171 Rev. 2 3.3.2 | |
| Audit and Accountability | AU.L2-3.3.2 | User Accountability | Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions | b | Determine if audit records, once created, contain the defined content | NIST SP 800-171 Rev. 2 3.3.2 | |
| Audit and Accountability | AU.L2-3.3.3 | Event Review | Review and update logged events | a | Determine if a process for determining when to review logged events is defined | NIST SP 800-171 Rev. 2 3.3.3 | |
| Audit and Accountability | AU.L2-3.3.3 | Event Review | Review and update logged events | b | Determine if event types being logged are reviewed in accordance with the defined review process | NIST SP 800-171 Rev. 2 3.3.3 | |
| Audit and Accountability | AU.L2-3.3.3 | Event Review | Review and update logged events | c | Determine if event types being logged are updated based on the review | NIST SP 800-171 Rev. 2 3.3.3 | |
| Audit and Accountability | AU.L2-3.3.4 | Audit Failure Alerting | Alert in the event of an audit logging process failure | a | Determine if personnel or roles to be alerted in the event of an audit logging process failure are identified | NIST SP 800-171 Rev. 2 3.3.4 | |
| Audit and Accountability | AU.L2-3.3.4 | Audit Failure Alerting | Alert in the event of an audit logging process failure | b | Determine if types of audit logging process failures for which alert will be generated are defined | NIST SP 800-171 Rev. 2 3.3.4 | |
| Audit and Accountability | AU.L2-3.3.4 | Audit Failure Alerting | Alert in the event of an audit logging process failure | c | Determine if identified personnel or roles are alerted in the event of an audit logging process failure | NIST SP 800-171 Rev. 2 3.3.4 | |
| Audit and Accountability | AU.L2-3.3.5 | Audit Correlation | Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity | a | Determine if audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity are defined | NIST SP 800-171 Rev. 2 3.3.5 | |
| Audit and Accountability | AU.L2-3.3.5 | Audit Correlation | Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity | b | Determine if defined audit record review, analysis, and reporting processes are correlated | NIST SP 800-171 Rev. 2 3.3.5 | |
| Audit and Accountability | AU.L2-3.3.6 | Reduction & Reporting | Provide audit record reduction and report generation to support on-demand analysis and reporting | a | Determine if an audit record reduction capability that supports on-demand analysis is provided | NIST SP 800-171 Rev. 2 3.3.6 | |
| Audit and Accountability | AU.L2-3.3.6 | Reduction & Reporting | Provide audit record reduction and report generation to support on-demand analysis and reporting | b | Determine if a report generation capability that supports on-demand reporting is provided | NIST SP 800-171 Rev. 2 3.3.6 | |
| Audit and Accountability | AU.L2-3.3.7 | Authoritative Time Source | Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records | a | Determine if internal system clocks are used to generate time stamps for audit records | NIST SP 800-171 Rev. 2 3.3.7 | |
| Audit and Accountability | AU.L2-3.3.7 | Authoritative Time Source | Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records | b | Determine if an authoritative source with which to compare and synchronize internal system clocks is specified | NIST SP 800-171 Rev. 2 3.3.7 | |