AU-11 - Audit Record Retention
Control requirements
AU-11 - 0
Retain audit records for [IBM Assignment: online for 90 days and offline for one (1) year] to provide support for after-the-fact investigations of incidents and to meet regulatory and organizational information retention requirements.
Additional IBM Cloud for Financial Services specifications
All records specified by a customer and/or its regulators must be retained according to the specified retention policy. All organizations must comply with customer-specified retention policies.
Implementation guidance
See the resources that follow to learn more about how to implement this control.
NIST supplemental guidance
Organizations retain audit records until it is determined that the records are no longer needed for administrative, legal, audit, or other operational purposes. This includes the retention and availability of audit records relative to Freedom of Information Act (FOIA) requests, subpoenas, and law enforcement actions. Organizations develop standard categories of audit records relative to such types of actions and standard response processes for each type of action. The National Archives and Records Administration (NARA) General Records Schedules provide federal policy on records retention.