NIST SP 800-171
Control 3.3.3
Review and Update Audited Events
CMMC-RP Certified Team
24+ Years Experience
2,500+ Clients Served
Official Requirement
Review and update logged events.
What This Means in Plain English
Periodically review which events you are logging and update your logging configuration to capture new threats or changes in your environment. What you log today may not be sufficient for tomorrow's threats.
How Petronella Implements This Control
Petronella Technology Group implements this control through:
- Quarterly review of SIEM detection rules and log source coverage by the security team
- Arctic Wolf Concierge Security Team providing ongoing tuning of detection rules
- Post-incident reviews updating logging requirements based on lessons learned
- ComplianceArmor tracking audited event categories and review dates
- Annual comprehensive audit of logging configuration against NIST 800-171 requirements
Assessment Guidance
Assessors will review documentation showing periodic review of audited events, verify that logging configuration changes are tracked, check that post-incident reviews inform logging updates, and confirm that the list of audited events is current and comprehensive.
Common Implementation Gaps
- Audit logging configured once and never reviewed
- No process for updating logged events based on new threats
- Post-incident reviews do not inform logging changes
- No documentation of which events are logged and why
- New systems deployed without audit logging configuration
Cross-Framework Mapping
| Framework | Mapped Controls |
|---|---|
| NIST SP 800-53 | AU-2(3) |
| PCI DSS | Req 10.6 - Review logs and security events |
Need Help Implementing 3.3.3?
Our CMMC-RP certified team can assess your current compliance posture and build a remediation plan.
Schedule a Compliance Assessment