CMMC Practice AU.L2-3.3.8

Audit Protection: Protect audit information and audit logging tools from unauthorized access, modification, and deletion.

Monarch ISC Guidance

This practice requires not only that you assign limited permissions to the log server, but ensuring and monitoring the storage space on your server, and making backups of your log server. The good news is that log files are usually text files and compress very nicely for backup purposes. The suggestion to encrypt them and store them off-site are great too!

Discussion From Source

NIST SP 800-171 R2 Audit information includes all information (e.g., audit records, audit log settings, and audit reports) needed to successfully audit system activity. Audit logging tools are those programs and devices used to conduct audit and logging activities. This requirement focuses on the technical protection of audit information and limits the ability to access and execute audit logging tools to authorized individuals. Physical protection of audit information is addressed by media protection and physical and environmental protection requirements.

References