CMMC requirement 3.3.9 mandates the organizations limit the management of audit logging functions to a subset of privileged users, rather than all system administrators.

We need a way to allow my Huntress team to be an admin in Managed EDR/ITDR, but have NO access to configuring SIEM source settings.