AU-11: Audit Record Retention

Statement

• Retain audit records for time period to provide support for after-the-fact investigations of incidents and to meet regulatory and organizational information retention requirements.

  • • Requirement:

      The service provider retains audit records on-line for at least ninety days and further preserves audit records off-line for a period that is in accordance with NARA requirements.

    • Requirement:

      The service provider must support Agency requirements to comply with M-21-31 (https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf)

    • Guidance:

      The service provider is encouraged to align with M-21-31 where possible