AU.L2-3.3.8 — Protect audit information and audit logging tools from unauthorized access, modification, and deletion.

What this control requires

Protect audit information and audit logging tools from unauthorized access, modification, and deletion.

Source: CMMC L2 v2.13 AU.L2-3.3.8 / NIST SP 800-171 R2 3.3.8 (official control text).

Why this matters

Audit logs are the organization's permanent record of who did what, when, and where in its systems. If attackers can delete logs, they erase evidence of their intrusion. If they can modify logs, they frame innocent users or hide malicious activity. If they can access logs without authorization, they learn which defenses exist and how to evade them. This control ensures audit data remains trustworthy and tamper-proof throughout its lifecycle. It protects both the log files themselves and the tools that generate, manage, and analyze them. Without these protections, the organization cannot reliably investigate incidents, prove compliance, or prosecute insider threats.

What evidence assessors expect

Assessors typically look for: screenshot, configuration export, CSV export. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.

Related controls