FedRAMP - Audit Record Retention AU-11


Overview:
The organization retains audit records for [Assignment: organization-defined time period consistent with records retention policy] to provide support for after-the-fact investigations of security incidents and to meet regulatory and organizational information retention requirements.


Supplemental Guidance:
Organizations retain audit records until it is determined that they are no longer needed for administrative, legal, audit, or other operational purposes. This includes, for example, retention and availability of audit records relative to Freedom of Information Act (FOIA) requests, subpoenas, and law enforcement actions. Organizations develop standard categories of audit records relative to such types of actions and standard response processes for each type of action. The National Archives and Records Administration (NARA) General Records Schedules provide federal policy on record retention.


Related controls: AU-4, AU-5, AU-9, MP-6.


Action Items:
1) Ensure audit logs are stored in a protected manner for a specified period of time.

 

Related Documents:
1) Audit and Accountability Policy

2) Logging and Monitoring Policy

3) Backup Policy


Additional Guidance:
Moderate FedRAMP-Defined Assignment / Selection Parameters
[at least ninety days]


Moderate Additional FedRAMP Requirements and Guidance
AU-11 Requirement: The service provider retains audit records on-line for at least ninety days and further preserves audit records off-line for a period that is in accordance with NARA requirements.



Article ID: 623
Created: September 29, 2022
Last Updated: September 29, 2022
Author: Matthew Burdick

Online URL: http://www.compliancewiki.org/article/fedramp-audit-record-retention-au-11-623.html