AC.L1 3.1.1 Question

old.reddit.com / @/u/StrikeZ__, https://old.reddit.com/user/StrikeZ__

Hello all, I am a new intern at a mid-size company and I have been tasked with assisting in CMMC compliance. I have been following the CMMC Assessment Guide for level 2 and I got to the part where my company needs to log processes acting on behalf of authorized users.

I had thought about it for a while and thought it would be a good idea to configure a syslog server to manage logs; however, once I did so, there was a crazy amount of “Microsoft Windows security auditing - filtering platform connection” logs originating from DNS, SVChost, and lsass, up to 30-40 per second. It was taking up to 10-20 GB of storage per day for some reason.

My question is - what logs are we required to keep? I haven’t wanted to just…not log these things, but whenever I go to filter I think “what if they ask for x log?” I apologize if I haven’t been looking in the right direction, I’m new to all of this CMMC stuff.

submitted by /u/StrikeZ__

published about 10 hours ago



