>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

AU.L2-3.3.3Event Review

Level 2
800-171: 3.3.3

>Control Description

Review and update logged events.

>Cross-Framework Mappings

NIST SP 800-171

3.3.3
Compare

SCF

CFG-02
Compare
CFG-02.1
Compare
CFG-02.9
Compare
MON-01
Compare
MON-01.16
Compare
MON-01.8
Compare
MON-02
Compare

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What is your process for reviewing which events should be logged?
  • How frequently do you update audit logging configurations?
  • Who is responsible for reviewing and approving changes to logged events?
  • How do you ensure logged events remain relevant to security monitoring needs?

Technical Implementation:

  • What tools allow you to review and modify audit logging configurations?
  • How do you technically update which events are logged?
  • What mechanisms allow you to add or remove logged event types?
  • How do you centrally manage logging configurations across systems?
  • What tools verify logging configurations match requirements?

Evidence & Documentation:

  • What audit logging configuration documentation can you provide?
  • What sample audit logs demonstrate required events are logged?
  • What audit log review documentation shows periodic review?
  • What SIEM screenshots show audit log aggregation and analysis?
  • What audit retention documentation shows logs are retained per policy?
  • What evidence shows audit logs are protected from modification?

Ask AI

Configure your API key to use AI features.