Audit & Accountability
Audit and Accountability is about keeping the records that let you, and an assessor, reconstruct what happened on your systems. If something goes wrong, logs are the difference between knowing and guessing.
The 9 Audit & Accountability requirements
29 assessment objectives across this family.
- 3.3.1 System Auditing: Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. (5 pt, ✕ POA&M)
- 3.3.2 User Accountability: Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions. (3 pt, ✕ POA&M)
- 3.3.3 Event Review: Review and update logged events. (1 pt)
- 3.3.4 Audit Failure Alerting: Alert in the event of an audit logging process failure. (1 pt)
- 3.3.5 Audit Correlation: Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity. (5 pt, ✕ POA&M)
- 3.3.6 Reduction & Reporting: Provide audit record reduction and report generation to support on-demand analysis and reporting. (1 pt)
- 3.3.7 Authoritative Time Source: Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records. (1 pt)
- 3.3.8 Audit Protection: Protect audit information and audit logging tools from unauthorized access, modification, and deletion. (1 pt)
- 3.3.9 Audit Management: Limit management of audit logging functionality to a subset of privileged users. (1 pt)
Build Audit & Accountability, and all 14 families, with an officer
The Level 2 Accelerator walks all 110 requirements with you, generates your SSP, POA&M, and Audit Room from real evidence, includes the full Level 1 platform, and puts a credentialed officer alongside you for 180 days. Filed in 180 days, or we work free until you are.
No credit card. Phase 2 begins Nov 10, 2026, when applicable DoD solicitations start requiring a current Level 2 status to win the award.
Questions, answered
How many CMMC Level 2 requirements are in Audit & Accountability?
The Audit & Accountability family (AU) has 9 of the 110 CMMC Level 2 requirements, assessed against 29 objectives from NIST SP 800-171A.
What is the Audit & Accountability family about?
Audit and Accountability is about keeping the records that let you, and an assessor, reconstruct what happened on your systems. If something goes wrong, logs are the difference between knowing and guessing.