03.03.01 - Event Logging

The au_l_01 control requires organizations to generate and retain logs of security-relevant events on information system components, ensuring that log records capture sufficient detail to support analysis, monitoring, and incident response. It also mandates protection of log integrity, timely review of logged events, and secure storage for a defined retention period.