03.03.03 — (a) Generate audit records for the selected event types and audit record content specified in 03.03.01 and 03.03.02. (b) Retain audit records for a time period consistent with the records retention policy.

What this control requires

(a) Generate audit records for the selected event types and audit record content specified in 03.03.01 and 03.03.02. (b) Retain audit records for a time period consistent with the records retention policy.

Source: NIST SP 800-171 R3 §03.03.03 (official control text).

Why this matters

Audit record generation is the foundation of security monitoring and incident response. Without comprehensive logging, organizations cannot detect unauthorized access, investigate breaches, or prove compliance during assessments. This control ensures systems automatically capture security-relevant events—login attempts, file access, configuration changes, privilege escalations—and retain those records long enough to support forensic analysis and legal requirements. Adversaries specifically target logging systems to cover their tracks, so robust audit generation with protected retention directly counters this tactic. The records you generate today become the evidence you need tomorrow when investigating suspicious activity or demonstrating due diligence to assessors.

What evidence assessors expect

Assessors typically look for: configuration export, screenshot, PDF, CSV export. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.

Related controls