UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

AU-11 AUDIT RECORD RETENTION


Overview

Number Title Impact Priority Subject Area
AU-11 Audit Record Retention LOW P3 Audit And Accountability

Instructions
The organization retains audit records for Assignment: organization-defined time period consistent with records retention policy to provide support for after-the-fact investigations of security incidents and to meet regulatory and organizational information retention requirements.
Guidance
Organizations retain audit records until it is determined that they are no longer needed for administrative, legal, audit, or other operational purposes. This includes, for example, retention and availability of audit records relative to Freedom of Information Act (FOIA) requests, subpoenas, and law enforcement actions. Organizations develop standard categories of audit records relative to such types of actions and standard response processes for each type of action. The National Archives and Records Administration (NARA) General Records Schedules provide federal policy on record retention.

Enhancements
AU-11 (1) Long-Term Retrieval Capability
Measures employed by organizations to help facilitate the retrieval of audit records include, for example, converting records to newer formats, retaining equipment capable of reading the records, and retaining necessary documentation to help organizational personnel understand how to interpret the records.

The organization employs Assignment: organization-defined measures to ensure that long-term audit records generated by the information system can be retrieved.