E-mail audit records must be retained for 1 year.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-18879 | EMG3-071 EMail | SV-20671r1_rule | ECRR-1 | Medium |
| Description |
|---|
| Audit data retention serves as a history that can aid in determining actions executed by users and administrators. Reasons for such research include both malicious actions that may have been perpetrated, as well as legal evidence that might be needed for proof of activity. Audit data records are required to be retained for a period of 1 year. |
| STIG | Date |
|---|---|
| Email Services Policy | 2012-01-31 |
Details
| Check Text ( C-22681r1_chk ) |
|---|
| Interview the IAO or E-mail Administrator. Access documentation that describes data retention for audit records. Criteria: If E-mail audit records are retained for required time period (1 year), this is not a finding. |
| Fix Text (F-19478r1_fix) |
|---|
| Procedure: Ensure that E-mail audit records are categorized and retained for required time period of 1 year. |