AU-11 Audit Record Retention
Retain audit records for au-11_odp to provide support for after-the-fact investigations of incidents and to meet regulatory and organizational information retention requirements.
| Parameter ID | Definition |
|---|---|
| au-11_odp | time period |
Baselines
- L
- M
- H
- P
Guidance
Organizations retain audit records until it is determined that the records are no longer needed for administrative, legal, audit, or other operational purposes. This includes the retention and availability of audit records relative to Freedom of Information Act (FOIA) requests, subpoenas, and law enforcement actions. Organizations develop standard categories of audit records relative to such types of actions and standard response processes for each type of action. The National Archives and Records Administration (NARA) General Records Schedules provide federal policy on records retention.
References 1
- OMB A-130 Office of Management and Budget Memorandum Circular A-130, *Managing Information as a Strategic Resource* , July 2016.
Control Enhancements 1
Related controls 9
- AU-02 Event Logging L M H P
- AU-04 Audit Log Storage Capacity L M H P
- AU-05 Response to Audit Logging Process Failures L M H P
- AU-06 Audit Record Review, Analysis, and Reporting L M H P
- AU-09 Protection of Audit Information L M H P
- AU-14 Session Audit L M H P
- MP-06 Media Sanitization L M H P
- RA-05 Vulnerability Monitoring and Scanning L M H P
- SI-12 Information Management and Retention L M H P