AU.L2-3.3.3 — Review and update logged events.
What this control requires
Review and update logged events.
Source: CMMC L2 v2.13 AU.L2-3.3.3 / NIST SP 800-171 R2 3.3.3 (official control text).
Why this matters
Logging requirements evolve as threats emerge, business processes change, and infrastructure expands. What mattered six months ago may no longer be relevant, while critical new event sources may be generating data you are not capturing. Periodic review ensures your logging strategy remains aligned with current risk, supports effective incident detection, and avoids alert fatigue from stale or low-value events. Without structured review, organizations accumulate logging blind spots or drown security teams in noise that obscures real threats.
What evidence assessors expect
Assessors typically look for: PDF, screenshot, configuration export, CSV export. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.
Related controls
See your live posture on AU.L2-3.3.3.
FORCE shows where you stand on this control and walks you through closing it.
Start a free trial tenant →