In this edition of the On Call Compliance Solutions Compliance Tip of the Week, we are talking about what’s up with all of these weird controls in NIST SP 800-171 requiring you to review and audit logs from the systems that may contain secure information.
Let's look at Control 3.3.1 – Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity.
So what this is really all about is the concept that if you don’t have a system proactively reporting what is going on with your systems all the time, you have no way to truly protect yourself.