Title

Email audit records must be retained for 1 year. (Cat II impact)

Discussion

Audit data retention serves as a history that can aid in determining actions executed by users and administrators. Reasons for such research include both malicious actions that may have been perpetrated, as well as legal evidence that might be needed for proof of activity. Audit data records are required to be retained for a period of 1 year.

Check Content

Access EDSP documentation that describes data retention for audit records. Examine artifacts that demonstrate audit data retention for a period of 1 year. If email audit records are retained for required time period (1 year), this is not a finding.

Fix Text

Create a process that details email audit record retention for required time period of 1 year. Document the process in the EDSP.

Additional Identifiers

Rule ID: SV-20671r3_rule

Vulnerability ID: V-18879

Group Title: EMG3-071 Audit Data Retention

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.