TheAudit and Accountability (AU) domainis one of the14 familiesof security requirements inNIST SP 800-171 Rev. 2, which is fully adopted byCMMC 2.0 Level 2.
A. Level 1→Incorrect
CMMCLevel 1only includes17 basic FAR 52.204-21 safeguarding requirementsand does not coverAudit and Accountability (AU)practices.
B. Level 2→Correct
TheAU domain is required at Level 2, which aligns withNIST SP 800-171.
CMMC 2.0 Level 2includes110 security controls, among whichAU-related controlsfocus on logging, monitoring, and accountability.
C. Levels 1 and 2→Incorrect
Level 1 does not requireaudit and accountability practices.
D. Levels 1 and 3→Incorrect
CMMC 2.0 only has Levels 1, 2, and 3, andAU is present in Level 2, making Level 3 irrelevant for this answer.
NIST SP 800-171 Rev. 2 (Audit and Accountability - Family 3.3)
TheAU domainconsists of security controls3.3.1 – 3.3.8, focusing on audit log generation, retention, and accountability.
CMMC 2.0 Level 2 Practices (Aligned with NIST SP 800-171)
AU practices (Audit and Accountability) are only required at Level 2.
Analysis of the Given Options:Official References Supporting the Correct Answer:Conclusion:TheAU domain applies only to CMMC 2.0 Level 2, making the correct answer:
✅B. Level 2.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit