AU-11 Audit Record Retention

Control: The organization retains audit records for [Assignment: organization-defined time period] to provide support for after-the-fact investigations of security incidents and to meet regulatory and organizational information retention requirements.

Supplemental Guidance: The organization retains audit records until it is determined that they are no longer needed for administrative, legal, audit, or other operational purposes. This includes, for example, retention and availability of audit records relative to Freedom of Information Act (FOIA) requests, subpoena, and law enforcement actions. Standard categorizations of audit records relative to such types of actions and standard response processes for each type of action are developed and disseminated. NIST Special Publication 800-61 provides guidance on computer security incident handling and audit record retention.

Control Enhancements: (0) None.

Baseline: LOW AU-11; MOD AU-11; HIGH AU-11

Family: Audit and Accountability

Class: Technical

ISO 17799 mapping: 10.10.1, 15.1.3

COBIT 4.1 mapping: None.

PCI-DSS v2 mapping: 10.7