
SM-10 Audit Log Capacity and Retention

Control Description

Organization allocates audit record storage capacity in accordance with logging storage and retention requirements. Audit logs are retained for 1 year, with 90 days of data immediately available for analysis.

Theme: Process

Type: Corrective

Policy/Standard: Logging & Monitoring Standard

Implementation Guidance

1. Document Organization's Logging Standard, which includes logging retention requirements for critical system activity and mandates that logs be available for a minimum of 1 year.
2. Implement SIEM tool configuration to retrieve the relevant logs for a minimum period of 1 year, with 90 days of logs available for immediate analysis.

Testing Procedure

1. Inspect Organization's Logging Standard to determine whether logging retention requirements are defined for critical system activity and mandate that logs be available for a minimum of 1 year.
2. Inspect sample logs for in-scope services to validate that the SIEM tool stores relevant logs for a minimum period of 1 year, with 90 days of logs available for immediate analysis.
3. Evaluate the SIEM tool configuration to validate the retention settings for 1 year.

Audit Artifacts

E-SM-01
E-SM-02
E-SM-03

Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
