BRACKETOLOGY | FEDRAMP
AU-11: AUDIT RECORD RETENTION
-
FedRAMP Baseline Membership AU-11:
- LOW
- MODERATE
- HIGH
FedRAMP Bracketology
Use the FedRAMP Control Membership information above to determine if a control or control enhancement is required for each Impact Baseline — LOW, MODERATE, or HIGH
Click on the panel below each control or control enhancement to review the FedRAMP Impact Baseline-specific control configuration requirements for each of the [BRACKETS] in each control and/or control enhancement.
Review and use Additional Requirements and Guidance to build FedRAMP-compliant controls for your risk-based cybersecurity program.
To change the baseline view in the panel, click on LOW, MODERATE, or HIGH when the panel is open
Panels only appear where there are [BRACKETS] in the control or enhancement or where there is FedRAMP-specific requirements or guidance available.
The organization retains audit records for [Assignment: organization-defined time period consistent with records retention policy] to provide support for after-the-fact investigations of security incidents and to meet regulatory and organizational information retention requirements.
<Click Low | Moderate | High below to see FedRAMP control configuration information. It's in BOLD.
The organization retains audit records for at least ninety (90) days consistent with records retention policy] to provide support for after-the-fact investigations of security incidents and to meet regulatory and organizational information retention requirements.
FedRAMP REQUIREMENT:
The service provider retains audit records on-line for at least ninety days and further preserves audit records off-line for a period that is in accordance with NARA requirements.
The organization retains audit records for at least ninety (90) days consistent with records retention policy] to provide support for after-the-fact investigations of security incidents and to meet regulatory and organizational information retention requirements.
FedRAMP REQUIREMENT:
The service provider retains audit records on-line for at least ninety days and further preserves audit records off-line for a period that is in accordance with NARA requirements.
The organization retains audit records for at least one (1) year consistent with records retention policy] to provide support for after-the-fact investigations of security incidents and to meet regulatory and organizational information retention requirements.
FedRAMP REQUIREMENT:
The service provider retains audit records on-line for at least ninety days and further preserves audit records off-line for a period that is in accordance with NARA requirements.
SUPPLEMENTAL GUIDANCE
Organizations retain audit records until it is determined that they are no longer needed for administrative, legal, audit, or other operational purposes. This includes, for example, retention and availability of audit records relative to Freedom of Information Act (FOIA) requests, subpoenas, and law enforcement actions. Organizations develop standard categories of audit records relative to such types of actions and standard response processes for each type of action. The National Archives and Records Administration (NARA) General Records Schedules provide federal policy on record retention.
RELATED CONTROLS: AU-11
CONTROL ENHANCEMENTS
AU-11 (1) AUDIT RECORD RETENTION | LONG-TERM RETRIEVAL CAPABILITY
The organization employs [Assignment: organization-defined measures] to ensure that long-term audit records generated by the information system can be retrieved.
Supplemental Guidance:
Measures employed by organizations to help facilitate the retrieval of audit records include, for example, converting records to newer formats, retaining equipment capable of reading the records, and retaining necessary documentation to help organizational personnel understand how to interpret the records.
REFERENCES:
- NO REFERENCES