https://cmmcwiki.org/index.php?action=history&feed=atom&title=LLMResponse_CM.L2-3.4.3.dLLMResponse CM.L2-3.4.3.d - Revision history2026-04-20T06:05:13ZRevision history for this page on the wikiMediaWiki 1.43.8https://cmmcwiki.org/index.php?title=LLMResponse_CM.L2-3.4.3.d&diff=1451&oldid=prevDavid: Created page with "I'll help you evaluate how to best collect evidence for the assessment objective "[d] changes to the system are logged" within CM.L2-3.4.3. Based on the CMMC Level 2 Assessment Guide and your assessment approaches, I'll rank the evidence types and prioritize assessment approaches. == Evidence Types Ranking for "[d] changes to the system are logged" == 1. **Artifacts (I1)** - Highest priority evidence type because it provides direct proof that changes are being logged:..."2025-04-06T03:02:50Z<p>Created page with "I'll help you evaluate how to best collect evidence for the assessment objective "[d] changes to the system are logged" within CM.L2-3.4.3. Based on the CMMC Level 2 Assessment Guide and your assessment approaches, I'll rank the evidence types and prioritize assessment approaches. == Evidence Types Ranking for "[d] changes to the system are logged" == 1. **Artifacts (I1)** - Highest priority evidence type because it provides direct proof that changes are being logged:..."</p>
<p><b>New page</b></p><div>I'll help you evaluate how to best collect evidence for the assessment objective "[d] changes to the system are logged" within CM.L2-3.4.3. Based on the CMMC Level 2 Assessment Guide and your assessment approaches, I'll rank the evidence types and prioritize assessment approaches.<br />
<br />
== Evidence Types Ranking for "[d] changes to the system are logged" ==<br />
<br />
1. **Artifacts (I1)** - Highest priority evidence type because it provides direct proof that changes are being logged:<br />
- System-generated change logs<br />
- Audit logs showing configuration changes<br />
- Database records of change history<br />
- Version control system logs<br />
- Change management tool reports showing logged changes<br />
- System backup logs that capture pre and post-change states<br />
<br />
2. **Screen Share (I4)** - Second most valuable evidence type for this objective:<br />
- Live demonstration of how changes are captured in logs<br />
- Real-time viewing of change logging mechanisms<br />
- Display of historical change logs in systems<br />
- Showing how to query or extract change log information<br />
<br />
3. **Documents (I2)** - Third most valuable evidence type:<br />
- Configuration management policy that requires logging of changes<br />
- Procedures describing change logging requirements<br />
- System security plan sections addressing change logging<br />
- Log retention policies for change records<br />
- Change management plan describing logging processes<br />
<br />
4. **Physical Review (I3)** - Lowest priority for this objective since logging is primarily digital:<br />
- Physical access to logging servers or systems<br />
- Observation of automated logging processes<br />
- Physical storage of archived logs (if applicable)<br />
<br />
== Assessment Approach Prioritization ==<br />
<br />
1. **Examine (C1)** - Primary approach because:<br />
- It allows direct review of the actual change logs<br />
- You can verify complete and consistent logging practices<br />
- It demonstrates the integrity and retention of change logs<br />
- Key assessment objects: system audit logs and records, change control records, system configuration settings and associated documentation<br />
<br />
2. **Test (C3)** - Second priority for this objective:<br />
- Verify that all types of changes trigger appropriate logging<br />
- Test that logs capture required details (who, what, when, where)<br />
- Validate log integrity and retention capabilities<br />
- Key assessment objects: mechanisms that implement configuration change control<br />
<br />
3. **Interview (C2)** - Third priority but still important:<br />
- Helps understand logging configurations and practices<br />
- Reveals log management and protection measures<br />
- Identifies any potential gaps in logging coverage<br />
- Key personnel: system or network administrators, personnel with configuration change control responsibilities<br />
<br />
== Practical Implementation Strategy ==<br />
<br />
For optimal assessment of "[d] changes to the system are logged":<br />
<br />
1. Start by examining change logs:<br />
- System audit logs showing configuration changes<br />
- Change management tool logs<br />
- Administrator activity logs<br />
- Look for completeness of information (date/time, user, action, before/after states)<br />
<br />
2. Test the logging mechanisms by:<br />
- Making a controlled change and verifying it's properly logged<br />
- Ensuring different types of changes (hardware, software, configuration) are logged<br />
- Checking that logs are protected from unauthorized modification<br />
- Verifying log retention meets policy requirements<br />
<br />
3. Interview key personnel about:<br />
- Log configuration and management<br />
- Log review processes<br />
- Log protection measures<br />
- Log retention policies and procedures<br />
<br />
This comprehensive approach will provide strong evidence that your organization is meeting the requirement for logging changes to organizational systems, which is essential for CMMC Level 2 compliance.<br />
<br />
When implementing this strategy, focus on demonstrating that the logs:<br />
- Capture all relevant changes<br />
- Include sufficient detail for accountability<br />
- Are protected from tampering<br />
- Are retained for an appropriate period<br />
- Can be retrieved when needed for investigation or audit</div>David