Skip to main content

💼 AU-11 Audit Record Retention (L)(M)(H)

  • Contextual name: 💼 AU-11 Audit Record Retention (L)(M)(H)
  • ID: /frameworks/fedramp-high-security-controls/au/11
  • Located in: 💼 Audit and Accountability

Description

Retain audit records for [FedRAMP Assignment: a time period in compliance with M-21-31] to provide support for after-the-fact investigations of incidents and to meet regulatory and organizational information retention requirements.

AU-11 Additional FedRAMP Requirements and Guidance:

Guidance: The service provider is encouraged to align with M-21-31 where possible

Requirement: The service provider retains audit records on-line for at least ninety (90) days and further preserves audit records off-line for a period that is in accordance with NARA requirements.

Requirement: The service provider must support Agency requirements to comply with M-21-31

Similar

  • Sections
    • /frameworks/nist-sp-800-53-r5/au/11
  • Internal
    • ID: dec-c-ec0e32b7

Similar Sections (Take Policies From)

SectionSub SectionsInternal RulesPoliciesFlags
💼 NIST SP 800-53 Revision 5 → 💼 AU-11 Audit Record Retention1

Similar Sections (Give Policies To)

SectionSub SectionsInternal RulesPoliciesFlags
💼 FedRAMP Low Security Controls → 💼 AU-11 Audit Record Retention (L)(M)(H)18
💼 FedRAMP Moderate Security Controls → 💼 AU-11 Audit Record Retention (L)(M)(H)18

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlags

Policies (18)

PolicyLogic CountFlags
📝 AWS CloudTrail Log File Validation is not enabled 🟢1🟢 x6
📝 AWS CloudTrail S3 Bucket Access Logging is not enabled. 🟢1🟢 x6
📝 AWS S3 Bucket Server Access Logging is not enabled 🟢1🟢 x6
📝 AWS VPC Flow Logs are not enabled 🟢1🟠 x1, 🟢 x5
📝 Azure Diagnostic Setting for Azure Key Vault is not enabled 🟢🟢 x3
📝 Azure PostgreSQL Flexible Server log_checkpoints Parameter is not set to ON 🟢1🟢 x6
📝 Azure PostgreSQL Flexible Server log_retention_days Parameter is less than 4 days 🟢1🟢 x6
📝 Azure PostgreSQL Single Server log_connections Parameter is not set to ON 🟢1🟢 x6
📝 Azure PostgreSQL Single Server log_disconnections Parameter is not set to ON 🟢1🟢 x6
📝 Azure SQL Server Auditing Retention is less than 90 days 🟢1🟢 x6
📝 Azure Storage Blob Logging is not enabled for Read, Write, and Delete requests 🟢1🟢 x6
📝 Azure Storage Queue Logging is not enabled for Read, Write, and Delete requests 🟢1🟢 x6
📝 Azure Subscription Activity Log Alert for Create or Update Network Security Group does not exist 🟢1🟢 x6
📝 Azure Subscription Activity Log Alert for Create or Update Security Solution does not exist 🟢1🟢 x6
📝 Azure Subscription Activity Log Alert for Create Policy Assignment does not exist 🟢1🟢 x6
📝 Azure Subscription Activity Log Alert for Delete Network Security Group does not exist 🟢1🟢 x6
📝 Azure Subscription Activity Log Alert for Delete Policy Assignment does not exist 🟢1🟢 x6
📝 Azure Subscription Activity Log Alert for Delete Security Solution does not exist 🟢1🟢 x6

Internal Rules

RulePoliciesFlags
✉️ dec-x-0c82d7751
✉️ dec-x-9b79d91f1
✉️ dec-x-9c0416671
✉️ dec-x-20c9ef831
✉️ dec-x-24bba4831
✉️ dec-x-89d5ed7a1
✉️ dec-x-611eaa351
✉️ dec-x-1518c16e1
✉️ dec-x-79579ed71
✉️ dec-x-9002886f1
✉️ dec-x-b1e1a4941
✉️ dec-x-b2ce0ca11
✉️ dec-x-c397d3ca2
✉️ dec-x-db1b7a1b1
✉️ dec-x-dc359e591
✉️ dec-x-e00143332