Audit data of systems containing sources and methods intelligence (SAMI) must be retained for at least five years.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-40166 | WN12-AU-000202 | SV-52124r1_rule | ECRR-1 | Medium |
| Description |
|---|
| Audit records are essential for investigating system activity after the fact. Retention periods for audit data are determined based on the sensitivity of the data handled by the system. |
| STIG | Date |
|---|---|
| Windows Server 2012 Domain Controller Security Technical Implementation Guide | 2014-01-07 |
Details
| Check Text ( C-46942r2_chk ) |
|---|
| If audit data does not contain SAMI data, this is NA. Determine whether audit data containing SAMI data is retained for at least five years. If audit data containing SAMI data is not retained for at least five years, this is a finding. |
| Fix Text (F-45149r2_fix) |
|---|
| If audit data contains SAMI data, ensure it is retained for at least five years. |