09.aa - Audit Logging

The Audit Logging control requires organizations to create and protect tamper-resistant logs that record security-relevant events such as user activity, system changes, and access to protected data, with accurate timestamps and source information. Logs must be retained for a defined period, stored securely, and regularly reviewed to support incident detection, investigation, and compliance reporting.