UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

E-mail audit records must be retained for 1 year.


Overview

Finding ID Version Rule ID IA Controls Severity
V-18879 EMG3-071 EMail SV-20671r1_rule ECRR-1 Medium
Description
Audit data retention serves as a history that can aid in determining actions executed by users and administrators. Reasons for such research include both malicious actions that may have been perpetrated, as well as legal evidence that might be needed for proof of activity. Audit data records are required to be retained for a period of 1 year.
STIG Date
Email Services Policy 2012-01-31

Details

Check Text ( C-22681r1_chk )
Interview the IAO or E-mail Administrator. Access documentation that describes data retention for audit records.

Criteria: If E-mail audit records are retained for required time period (1 year), this is not a finding.
Fix Text (F-19478r1_fix)
Procedure: Ensure that E-mail audit records are categorized and retained for required time period of 1 year.