CMMC Logging Requirements: AU Domain Controls Mapped to Access Gate.
The AU domain in CMMC Level 2 maps to nine NIST 800-171 controls. Most C3PAO failures in this domain trace back to one cause: the organization captured logs but cannot prove tamper resistance, retention, or session-level attribution. This page maps each AU control to the specific evidence Access Gate generates.
Why most CMMC logging implementations fail at audit.
A SIEM that ingests firewall syslog is not enough. The AU domain requires per-user, per-session, tamper-evident logs that survive a forensic review. Access Gate generates the audit evidence the AU domain requires. Every session is logged at the proxy with user identity, timestamp, asset, protocol, and full session replay. Logs are tamper-evident through hash chaining and FIPS-validated signing. Default retention is 90 days on-premises, exportable to your SIEM or isolated storage.
AU.L2-3.3.1 through 3.3.9.
Each control below lists what CMMC requires, what Access Gate produces as evidence, and the specific artifact your C3PAO will review.
Create and retain system audit logs and records to enable monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity.
Access Gate logs every proxied session with user, timestamp, source/destination, protocol, and full session payload (when enabled). Logs are written to an append-only store with hash chaining; tampering breaks the chain and is flagged on read.
Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions.
Every session is bound to an authenticated identity at the proxy boundary. Service accounts and shared credentials are blocked by policy. The audit record names the human user who initiated the session, even when the underlying asset uses a shared credential.
Review and update logged events.
Access Gate's logged event taxonomy is policy-driven and version-controlled. Updates ship with each release with a documented changelog suitable for inclusion in your SSP.
Alert in the event of an audit logging process failure.
Access Gate self-monitors the log pipeline. Failure to write to the store, exhaustion of disk space, or loss of connection to a forwarded SIEM all generate immediate alerts via syslog, webhook, or email.
Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity.
Access Gate exports normalized, structured logs (CEF, JSON, syslog) suitable for SIEM correlation. Built-in dashboards group sessions by user, asset, and time window for in-tool review when no external SIEM is deployed.
Provide audit record reduction and report generation to support on-demand analysis and reporting.
Access Gate generates pre-built C3PAO evidence packages on demand: per-user activity reports, per-asset access histories, and policy-violation summaries. Output formats are CSV, PDF, and structured JSON.
Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records.
Access Gate runs NTP synchronization against operator-configured time sources by default. Time drift exceeding policy thresholds is logged and alerted.
Protect audit information and audit logging tools from unauthorized access, modification, and deletion.
Audit storage is segregated from operational data and access-controlled by RBAC. Hash-chained records prevent silent modification. Logs can be FIPS-signed and forwarded to write-once storage for jurisdictions that require it.
Limit management of audit logging functionality to a subset of privileged users.
Audit configuration is gated behind a dedicated 'audit-admin' role distinct from system administration. Changes to audit policy themselves generate audit records, providing accountability for the auditors.
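The hash chaining described above for log creation and log protection, shown as an added Python example that is not Access Gate's code or record format. SHA-256, the JSON record fields, the genesis value, and the function names are all assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed fixed value chained into the first record


def digest(prev_hash, event):
    # Canonical JSON so the same event always hashes to the same bytes.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def append(chain, event):
    """Append an event, binding it to the hash of the previous record."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    record = {"event": event, "prev": prev_hash, "hash": digest(prev_hash, event)}
    chain.append(record)
    return record["hash"]  # head hash: store or sign this outside the log


def verify(chain, anchored_head=None):
    """Return None if intact, else the index of the first bad record.

    An index equal to len(chain) means the records present are consistent
    but the head does not match the externally anchored value (truncation
    or wholesale replacement of the tail).
    """
    prev_hash = GENESIS
    for i, rec in enumerate(chain):
        if rec["prev"] != prev_hash or rec["hash"] != digest(prev_hash, rec["event"]):
            return i
        prev_hash = rec["hash"]
    if anchored_head is not None and prev_hash != anchored_head:
        return len(chain)
    return None


def sample_chain():
    # Constructed sample session records, not real Access Gate output.
    chain, head = [], None
    for user, asset, proto in [("alice", "plc-01", "ssh"),
                               ("bob", "hmi-02", "rdp"),
                               ("alice", "hist-03", "https")]:
        head = append(chain, {"user": user, "asset": asset, "protocol": proto,
                              "ts": "2024-01-01T00:00:00Z"})
    return chain, head
```

Without an anchored head, dropping the newest records leaves a shorter chain that still verifies, which is why the head hash needs to be signed or forwarded to separate storage.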
See your AU domain evidence in 30 minutes.
Request a working session with our compliance team. We will show you the audit packages we have generated for current customers preparing for C3PAO assessment.