The SharePoint Audit Report is critical to CMMC compliance for several reasons, see the list of reasons below.
Only Sponsor Administrators are able to generate and access the SharePoint Audit Report.
| Feature | Description |
|---|---|
| Monitoring and Accountability: | CMMC requires organizations to maintain detailed records of user activities to ensure accountability. SharePoint audit logs provide a comprehensive record of actions taken within the platform, which is essential for tracking and verifying compliance with security policies. |
| Incident Response: | In the event of a security incident, having access to detailed audit logs allows organizations to quickly identify and respond to potential threats. This aligns with CMMC requirements for timely detection and response to cybersecurity incidents. |
| Data Protection: | SharePoint audit reports help ensure that sensitive data, such as Controlled Unclassified Information (CUI), is being accessed and handled appropriately. This is crucial for meeting CMMC standards for protecting sensitive information. |
| Compliance Verification: | Regularly reviewing audit logs helps organizations verify that they are adhering to CMMC requirements. This ongoing monitoring is necessary for maintaining compliance and preparing for CMMC assessments. |
Generate Audit Report
To generate an audit report:
1. Navigate to the Reports tab.
2. Select a Team.
NOTE: Team selection includes all active and archived Teams in your enclave.
3. Select a Date Range (Last 24 Hours, Last 7 Days, Custom).
NOTE: A Custom Date Range must be less than or equal to 180 days.
4. Click the Generate Report button to initiate the request.
NOTE: If you have not already requested an audit report, an Exostar Audit Reports folder displays in the Team’s General channel. This folder contains all requested audit reports.
IMPORTANT! You will receive an email when the report is ready.
Audit Report Contents
The file name includes the request date and the report type; example:
- 09_Dec_2024_17_29_27_sharepoint_audit_report.xlsx.
The report includes the criteria used to generate the report (team and date range) and the SharePoint audit log entries that match the criteria. Each entry includes:
- Date/time the action was taken (UTC)
- UPN of the user taking the action
- Action taken
- Activity
- Item on which the action was taken
- All channels (shared and private)
Audit Report Activities
The following SharePoint audit log activities are included in the SharePoint Audit Report:
- SharePoint
- SharePointFileOperation
- SharePointSharingOperation
- SharePointListOperation
- SharePointCommentOperation
- SharePointListItemOperation
- SharePointContentTypeOperation
- SharePointFieldOperation
- SharePointSearch
For a detailed list of actions for these activities, please see: https://learn.microsoft.com/en-us/purview/audit-log-activities.