myctrl.tools
Compare

AU-11(1)Long-Term Retrieval Capability

>Control Description

Employ organization-defined measures to ensure that long-term audit records generated by the system can be retrieved.

>Supplemental Guidance

Organizations need to access and read audit records requiring long-term storage (on the order of years). Measures employed to help facilitate the retrieval of audit records include converting records to newer formats, retaining equipment capable of reading the records, and retaining the necessary documentation to help personnel understand how to interpret the records.

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What formal policies and procedures govern the implementation of AU-11(1) (Long-Term Retrieval Capability)?
  • Who are the designated roles responsible for implementing, maintaining, and monitoring AU-11(1)?
  • How frequently is the AU-11(1) policy reviewed and updated, and what triggers policy changes?
  • What training or awareness programs ensure personnel understand their responsibilities related to AU-11(1)?

Technical Implementation:

  • Describe the specific technical mechanisms or controls used to enforce AU-11(1) requirements.
  • What automated tools, systems, or technologies are deployed to implement AU-11(1)?
  • How is AU-11(1) integrated into your system architecture and overall security posture?
  • What configuration settings, parameters, or technical specifications enforce AU-11(1) requirements?

Evidence & Documentation:

  • What documentation demonstrates the complete implementation of AU-11(1)?
  • What audit logs, records, reports, or monitoring data validate AU-11(1) compliance?
  • Can you provide evidence of periodic reviews, assessments, or testing of AU-11(1) effectiveness?
  • What artifacts would you present during a FedRAMP assessment to demonstrate AU-11(1) compliance?

Ask AI

Configure your API key to use AI features.