Email audit records must be retained for 1 year.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-18879 | EMG3-071 EMail | SV-20671r3_rule | ECRR-1 | Medium |
| Description |
|---|
| Audit data retention serves as a history that can aid in determining actions executed by users and administrators. Reasons for such research include both malicious actions that may have been perpetrated, as well as legal evidence that might be needed for proof of activity. Audit data records are required to be retained for a period of 1 year. |
| STIG | Date |
|---|---|
| Email Services Policy STIG | 2015-03-10 |
Details
| Check Text ( C-22681r3_chk ) |
|---|
| Access EDSP documentation that describes data retention for audit records. Examine artifacts that demonstrate audit data retention for a period of 1 year. If email audit records are retained for required time period (1 year), this is not a finding. |
| Fix Text (F-19478r2_fix) |
|---|
| Create a process that details email audit record retention for required time period of 1 year. Document the process in the EDSP. |