GRCWatch
Sign inStart free trial

AU.L2-3.3.6: Audit Record Reduction and Reporting

Audit record reduction and reporting is a critical CMMC Level 2 control that enables your organization to filter, summarize, and analyze security logs at scale. This control ensures you can identify threats and compliance issues without drowning in raw log data. Implementing effective reduction mechanisms saves time, improves visibility, and demonstrates audit readiness to assessors.

What this means

This control requires you to establish processes and tools that reduce audit log volume while preserving actionable security insights. Audit record reduction involves filtering, aggregating, or summarizing logs based on predefined criteria—removing noise while retaining events relevant to security monitoring, incident response, and compliance investigations. Report generation capabilities must support on-demand analysis, allowing your security team to quickly pull relevant audit data for investigations, compliance reviews, and stakeholder reporting.

How to comply

  1. 1.Define audit log reduction criteria based on your security monitoring needs and compliance obligations
  2. 2.Configure automated log filtering to remove non-essential events while preserving security-relevant records
  3. 3.Implement log aggregation and correlation tools to summarize related events into actionable alerts
  4. 4.Establish report templates for recurring compliance and security reviews
  5. 5.Test report generation workflows to ensure timely delivery of on-demand audit analysis
  6. 6.Document your reduction and reporting processes in your System Security Plan (SSP)
  7. 7.Review and update reduction rules regularly as threats and business requirements evolve

Evidence auditors look for

  • Log reduction policy defining which event types are retained, aggregated, or discarded
  • Configuration documentation showing active log filtering rules in your SIEM or logging solution
  • Sample audit reports generated from your reduction and reporting system
  • Audit logs demonstrating that reduction processes preserve security-relevant events
  • Report templates and scheduling documentation for recurring compliance reports
  • Testing records validating that your reporting system generates accurate, timely output
  • Change logs showing updates to reduction criteria and report configurations

Frequently asked questions

When will FAQs be available?

The FAQ for this control is currently being prepared.

GRCWatch automates audit log reduction rule configuration and generates on-demand CMMC compliance reports directly from your security tools, eliminating manual log analysis and reducing audit preparation time by weeks.

See how GRCWatch handles this control automatically

Start free trial

Related controls

AU.L2-3.3.1 — Audit and AccountabilityAU.L2-3.3.2 — Audit Event TypesAU.L2-3.3.4 — Audit StorageSI.L2-3.13.1 — Information System Monitoring