Title

E-mail audit records are not retained for 1 year. (Cat II impact)

Discussion

Audit data retention serves as a history that can aid in determining actions executed by users and administrators. Reasons for such research include both malicious actions that may have been perpetrated, as well as legal evidence that might be needed for proof of activity. Audit data records are required to be retained for a period of 1 year.

Check Content

Interview the IAO or E-mail Administrator. Access documentation that describes data retention for audit records. Criteria: If E-mail audit records are retained for required time period (1 year), this is not a finding.

Fix Text

Procedure: Ensure that E-mail audit records are categorized and retained for required time period of 1 year.

Additional Identifiers

Rule ID: SV-20671r1_rule

Vulnerability ID: V-18879

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.