zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-08-05 01:11:55 +02:00
Code Issues Projects Releases Packages Wiki Activity
manage.get.gov/docs/compliance/dist/system-security-plans/ato/au-11.md
Logan McDonald 1d3dfdb8d5
Add compliance documentation to source control (#116) 
* add initial setup of compliance-trestle
2022-09-14 08:46:43 -04:00

1.5 KiB
Raw Blame History

implementation-status control-origination
c-not-implemented
c-inherited-cloud-gov
c-inherited-cisa
c-common-control
c-system-specific-control

au-11 - [catalog] Audit Record Retention

Control Statement

Retain audit records for time period to provide support for after-the-fact investigations of incidents and to meet regulatory and organizational information retention requirements.

Control guidance

Organizations retain audit records until it is determined that the records are no longer needed for administrative, legal, audit, or other operational purposes. This includes the retention and availability of audit records relative to Freedom of Information Act (FOIA) requests, subpoenas, and law enforcement actions. Organizations develop standard categories of audit records relative to such types of actions and standard response processes for each type of action. The National Archives and Records Administration (NARA) General Records Schedules provide federal policy on records retention.

Control assessment-objective

audit records are retained for time period to provide support for after-the-fact investigations of incidents and to meet regulatory and organizational information retention requirements.

What is the solution and how is it implemented?

Add control implementation description here for control au-11