Navigate

CCI-000167

CCI-000167 Definition

The organization retains audit records for an organization-defined time period to provide support for after-the-fact investigations of security incidents and to meet regulatory and organizational information retention requirements.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed will take action to ensure it retains audit records for 5 years for SAMI; otherwise for at least 1 year to provide support for after-the-fact investigations of security incidents and to meet regulatory and organizational information retention requirements. DoD has defined the time period as 5 years for SAMI; otherwise for at least 1 year.

Validation Procedures

The organization conducting the inspection/assessment reviews the information system audit records and any other relevant documents or records to ensure the organization being inspected/assessed retains its audit records for 5 years for SAMI; otherwise for at least 1 year. DoD has defined the time period as 5 years for SAMI; otherwise for at least 1 year.

Compelling Evidence

1.) Signed and dated audit and accountability policy 2.) After action reports which include audit logs

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000167.

Control	Description
AU-11	The organization retains audit records for [Assignment: organization-defined time period consistent with records retention policy] to provide support for after-the-fact investigations of security incidents and to meet regulatory and organizational information retention requirements.