AU-11 - Audit Record Retention
Control requirements
- AU-11 - 0
- The organization retains audit records for [IBM Assignment: online for 90 days and offline for one (1) year] to provide support for after-the-fact investigations of security incidents and to meet regulatory and organizational information retention requirements.
Additional IBM Cloud for Financial Services specifications
- All records specified by a customer and/or its regulators must be retained according to the specified retention policy. All organizations must comply with customer-specified retention policies.
Implementation guidance
See the resources that follow to learn more about how to implement this control.
IBM Cloud for Financial Services profile
The rules related to this control that follow are part of the IBM Cloud for Financial Services v1.2.0 profile in IBM Cloud® Security and Compliance Center.
- Check whether Cloud Object Storage quota enforcement is off for buckets that are configured to use Activity Tracker Event Routing
NIST supplemental guidance
Organizations retain audit records until it is determined that they are no longer needed for administrative, legal, audit, or other operational purposes. This includes, for example, retention and availability of audit records relative to Freedom of Information Act (FOIA) requests, subpoenas, and law enforcement actions. Organizations develop standard categories of audit records relative to such types of actions and standard response processes for each type of action. The National Archives and Records Administration (NARA) General Records Schedules provide federal policy on record retention.