
CMMC Logging Requirements: AU Domain Controls Mapped to Access Gate.

The AU domain of CMMC Level 2 corresponds to nine NIST 800-171 controls. Most C3PAO failures in this domain trace back to a single cause: the organization captured logs but cannot prove tamper resistance, retention, or session-level attribution. This page maps each AU control to the specific evidence generated by Access Gate.

Why most CMMC logging implementations fail the audit.

A SIEM that ingests firewall syslog is not enough. The AU domain requires per-user, per-session, tamper-evident records that withstand forensic examination. Access Gate generates the audit evidence the AU domain requires. Every session is logged at the proxy with user identity, timestamp, asset, protocol, and full session replay. Logs are tamper-evident through hash chaining and FIPS-validated signing. Default retention is 90 days on-premises, exportable to your SIEM or to isolated storage.

Control mapping

AU.L2-3.3.1 through 3.3.9.

Each control below states what CMMC requires, what Access Gate produces as evidence, and the specific artifact your C3PAO will examine.

AU.L2-3.3.1 Audit Events
What CMMC Requires

Create and retain system audit logs and records to enable monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity.

Access Gate Evidence

Access Gate logs every proxied session with user, timestamp, source/destination, protocol, and full session payload (when enabled). Logs are written to an append-only store with hash chaining; tampering breaks the chain and is flagged on read.

AU.L2-3.3.2 User Accountability
What CMMC Requires

Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions.

Access Gate Evidence

Every session is bound to an authenticated identity at the proxy boundary. Service accounts and shared credentials are blocked by policy. The audit record names the human user who initiated the session, even when the underlying asset uses a shared credential.

AU.L2-3.3.3 Audit Record Content
What CMMC Requires

Review and update logged events.

Access Gate Evidence

Access Gate's logged event taxonomy is policy-driven and version-controlled. Updates ship with each release with a documented changelog suitable for inclusion in your SSP.

AU.L2-3.3.4 Audit Failure Alerting
What CMMC Requires

Alert in the event of an audit logging process failure.

Access Gate Evidence

Access Gate self-monitors the log pipeline. Failure to write to the store, exhaustion of disk space, or loss of connection to a forwarded SIEM all generate immediate alerts via syslog, webhook, or email.

AU.L2-3.3.5 Audit Correlation
What CMMC Requires

Correlate audit record review, analysis, and reporting processes for investigation and response to indications of unlawful, unauthorized, suspicious, or unusual activity.

Access Gate Evidence

Access Gate exports normalized, structured logs (CEF, JSON, syslog) suitable for SIEM correlation. Built-in dashboards group sessions by user, asset, and time window for in-tool review when no external SIEM is deployed.

AU.L2-3.3.6 Audit Reduction & Reporting
What CMMC Requires

Provide audit record reduction and report generation to support on-demand analysis and reporting.

Access Gate Evidence

Access Gate generates pre-built C3PAO evidence packages on demand: per-user activity reports, per-asset access histories, and policy-violation summaries. Output formats are CSV, PDF, and structured JSON.

AU.L2-3.3.7 Authoritative Time Source
What CMMC Requires

Provide a system capability that compares and synchronizes internal system clocks with an authoritative source to generate time stamps for audit records.

Access Gate Evidence

Access Gate runs NTP synchronization against operator-configured time sources by default. Time drift exceeding policy thresholds is logged and alerted.

AU.L2-3.3.8 Audit Information Protection
What CMMC Requires

Protect audit information and audit logging tools from unauthorized access, modification, and deletion.

Access Gate Evidence

Audit storage is segregated from operational data and access-controlled by RBAC. Hash-chained records prevent silent modification. Logs can be FIPS-signed and forwarded to write-once storage for jurisdictions that require it.
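The hash chaining described under AU.L2-3.3.1 and AU.L2-3.3.8, as an added example that is not Access Gate's code or record format: a generic SHA-256 chain verified on read, showing why a head hash kept outside the store (signed or forwarded to write-once storage) is needed to catch truncation. The record fields, the GENESIS value, and all function names are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed starting value for the first record's prev_hash

def _digest(prev_hash, body):
    # Canonical JSON so the same record always hashes to the same value.
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()

def append(chain, body):
    """Append a session record, linking it to the hash of the previous one."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    chain.append({"body": body, "prev_hash": prev_hash, "hash": _digest(prev_hash, body)})
    return chain[-1]["hash"]  # head hash: sign it or ship it to write-once storage

def verify(chain, anchored_head=None):
    """Return (ok, reason). anchored_head is a head hash kept outside the store."""
    prev_hash = GENESIS
    for i, rec in enumerate(chain):
        if rec["prev_hash"] != prev_hash:
            return False, f"record {i}: broken link (record removed or reordered)"
        if rec["hash"] != _digest(prev_hash, rec["body"]):
            return False, f"record {i}: content does not match its hash"
        prev_hash = rec["hash"]
    if anchored_head is not None and prev_hash != anchored_head:
        return False, "head mismatch: chain truncated or rewritten end to end"
    return True, "ok"

def demo():
    # Constructed sample records using the fields the page lists.
    log = []
    for user, asset, proto in [("alice", "plc-01", "ssh"), ("bob", "hmi-02", "rdp"),
                               ("alice", "hist-03", "https")]:
        head = append(log, {"user": user, "ts": "2024-01-01T00:00:00Z",
                            "asset": asset, "protocol": proto})
    results = {"clean": verify(log, head)[0]}
    edited = json.loads(json.dumps(log))       # deep copy
    edited[1]["body"]["user"] = "mallory"      # in-place edit of one record
    results["edited"] = verify(edited)[0]
    deleted = log[:1] + log[2:]                # record removed from the middle
    results["deleted"] = verify(deleted)[0]
    truncated = log[:2]                        # tail dropped: links still valid
    results["truncated_no_anchor"] = verify(truncated)[0]
    results["truncated_with_anchor"] = verify(truncated, head)[0]
    return results
```

A chain alone detects edits and mid-chain deletions; dropping records from the end passes verification unless the verifier compares against a head hash held somewhere the log writer cannot change.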

AU.L2-3.3.9 Privileged Audit Management
What CMMC Requires

Limit management of audit logging functionality to a subset of privileged users.

Access Gate Evidence

Audit configuration is gated behind a dedicated 'audit-admin' role distinct from system administration. Changes to audit policy themselves generate audit records, providing accountability for the auditors.

See your AU domain evidence in 30 minutes.

Request a working session with our compliance team. We will show you the audit packages we have generated for current customers preparing for C3PAO assessment.
