What is the role of audit logging in MDC3 security controls?

Audit logging captures a chronological record of access events and security-related activities, creating a traceable history of what happened in the system. In MDC3 security controls, its role is to provide evidence for regulatory compliance, support investigations and forensics after security incidents, and help detect and analyze abnormal activity by showing who performed which actions, on what resources, and when. This enables verification of permissions, accountability, and post-event analysis. It is not meant to replace multi-factor authentication, automatically grant permissions, or hide user activity; those would undermine security objectives. Logs should be collected, protected, and retained so they can be reviewed when needed.