What does AU.L2-3.3.4 mean?

CMMC Level 2 · Audit and Accountability

AU.L2-3.3.4 — Alert in the event of an audit logging process failure.

What this control requires

Alert in the event of an audit logging process failure.

Source: CMMC L2 v2.13 AU.L2-3.3.4 / NIST SP 800-171 R2 3.3.4 (official control text).

Why this matters

If your audit logging system fails silently, you lose visibility into potential breaches, unauthorized access, or compliance violations without even knowing it. This control mandates active alerting when logs stop flowing, storage fills up, or capture mechanisms break. It ensures that security teams are immediately notified when the very system designed to detect threats goes dark, preventing blind spots that attackers could exploit to cover their tracks during intrusions.

What evidence assessors expect

Assessors typically look for: screenshot, PDF. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.

Related controls

03.03.04

See your live posture on AU.L2-3.3.4.

FORCE shows where you stand on this control and walks you through closing it.

Start a free trial tenant →

← All controls