💼 AU-11 Audit Record Retention (L)(M)(H)

• ID: /frameworks/fedramp-moderate-security-controls/au/11

Description

Retain audit records for [FedRAMP Assignment: a time period in compliance with M-21-31] to provide support for after-the-fact investigations of incidents and to meet regulatory and organizational information retention requirements.

AU-11 Additional FedRAMP Requirements and Guidance:

Guidance: The service provider is encouraged to align with M-21-31 where possible

Requirement: The service provider retains audit records on-line for at least ninety (90) days and further preserves audit records off-line for a period that is in accordance with NARA requirements.

Requirement: The service provider must support Agency requirements to comply with M-21-31

Similar

• Sections
  • /frameworks/fedramp-high-security-controls/au/11
• Internal
  • ID: dec-c-ec0e32b7

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 FedRAMP High Security Controls → 💼 AU-11 Audit Record Retention (L)(M)(H)		16	18		no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policies (18)

Policy	Logic Count	Flags	Compliance
🛡️ AWS CloudTrail Log File Validation is not enabled🟢	1	🟢 x6	no data
🛡️ AWS CloudTrail S3 Bucket Access Logging is not enabled.🟢	1	🟢 x6	no data
🛡️ AWS S3 Bucket Server Access Logging is not enabled🟢	1	🟢 x6	no data
🛡️ AWS VPC Flow Logs are not enabled🟢	1	🟠 x1, 🟢 x5	no data
🛡️ Azure Diagnostic Setting for Azure Key Vault is not enabled🟢⚪		🟢 x2, ⚪ x1	no data
🛡️ Azure PostgreSQL Flexible Server log_checkpoints Parameter is not set to ON🟢	1	🟢 x6	no data
🛡️ Azure PostgreSQL Flexible Server log_retention_days Parameter is less than 4 days🟢	1	🟢 x6	no data
🛡️ Azure PostgreSQL Single Server log_connections Parameter is not set to ON🟢	1	🟢 x6	no data
🛡️ Azure PostgreSQL Single Server log_disconnections Parameter is not set to ON🟢	1	🟢 x6	no data
🛡️ Azure SQL Server Auditing Retention is less than 90 days🟢	1	🟢 x6	no data
🛡️ Azure Storage Blob Logging is not enabled for Read, Write, and Delete requests🟢	1	🟢 x6	no data
🛡️ Azure Storage Queue Logging is not enabled for Read, Write, and Delete requests🟢	1	🟢 x6	no data
🛡️ Azure Subscription Activity Log Alert for Create or Update Network Security Group does not exist🟢	1	🟢 x6	no data
🛡️ Azure Subscription Activity Log Alert for Create or Update Security Solution does not exist🟢	1	🟢 x6	no data
🛡️ Azure Subscription Activity Log Alert for Create Policy Assignment does not exist🟢	1	🟢 x6	no data
🛡️ Azure Subscription Activity Log Alert for Delete Network Security Group does not exist🟢	1	🟢 x6	no data
🛡️ Azure Subscription Activity Log Alert for Delete Policy Assignment does not exist🟢	1	🟢 x6	no data
🛡️ Azure Subscription Activity Log Alert for Delete Security Solution does not exist🟢	1	🟢 x6	no data