AU-11 - Audit Record Retention

Control requirements

AU-11 - 0

The organization retains audit records for [IBM Assignment: online for 90 days and offline for one (1) year] to provide support for after-the-fact investigations of security incidents and to meet regulatory and organizational information retention requirements.

Additional IBM Cloud for Financial Services specifications

• All records specified by a customer and/or its regulators must be retained according to the specified retention policy. All organizations must comply with customer-specified retention policies.

Implementation guidance

See the resources that follow to learn more about how to implement this control.

• Audit logging of application provider events and SIEM
• Audit logging of IBM Cloud events
• IBM Cloud account setup
• Setting up an operational logging solution

IBM Cloud for Financial Services profile

The rules related to this control that follow are part of the IBM Cloud for Financial Services v1.2.0 profile in IBM Cloud® Security and Compliance Center.

• Check whether Cloud Object Storage quota enforcement is off for buckets that are configured to use Activity Tracker Event Routing

NIST supplemental guidance

Organizations retain audit records until it is determined that they are no longer needed for administrative, legal, audit, or other operational purposes. This includes, for example, retention and availability of audit records relative to Freedom of Information Act (FOIA) requests, subpoenas, and law enforcement actions. Organizations develop standard categories of audit records relative to such types of actions and standard response processes for each type of action. The National Archives and Records Administration (NARA) General Records Schedules provide federal policy on record retention.