Audit data must be retained for at least one year. If system contains sources and methods intelligence (SAMI), audit data must be retained for at least five years.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36671 | WN08-AU-000101 | SV-48288r1_rule | ECRR-1 | Medium |
| Description |
|---|
| Audit records are essential for investigating system activity after the fact. Retention periods for audit data are determined based on the sensitivity of the data handled by the system. |
| STIG | Date |
|---|---|
| Windows 8 Security Technical Implementation Guide | 2014-01-07 |
Details
| Check Text ( C-44966r1_chk ) |
|---|
| Determine if the organization has a policy that requires audit data to be retained for at least one year, or at least five years for SAMI data. If the data is not retained for these periods, this is a finding. |
| Fix Text (F-41423r1_fix) |
|---|
| Establish a policy that will ensure the retention of audit data for at least one year generally, and SAMI audit data for at least five years. Ensure the audit retention policy is implemented. |