Looks like your client needs to be CMMC compliant. CMMC does apply to all devices on your network of course, no matter what the OS. It's generally a good idea anyways to monitor all end points, and not just a select few.
Just running Windows with AD is obviously not enough to get your CMMC compliant, you will need to invest in some sort of log management software / SIEM. Unfortunately it's somewhat of a challenge to find something that works for the budget of small companies - most SIEMs are either expensive, overkill, difficult to setup or all of it :-).
If they have to be CMMC compliant, then the requirements you posted are only a part of it of course, they may need other things like MFA etc. I do have some experience with CMMC so I can give you some hints. You can PM me.
The first thing you'll want to do for them is make sure they have the correct audit policy on their network. So this is completely separate from the software you'll end up slapping on it - this ensures that the audit data is at least being captured. Take a look here: https://system32.eventsentry.com/compliance/CMMC. Again, do this regardless of what you'll end up deploying.
I found EventSentry to cover the logging requirements for CMMC pretty well, they have more information here. Nice thing about their solution is that they have a bunch of reports, packages etc. built-in for CMMC. And it doesn't cost an arm and a leg.
Hope that helps.