Detections
Analytics

800-53|AU-11

Title

AUDIT RECORD RETENTION

Description

The organization retains audit records for [Assignment: organization-defined time period consistent with records retention policy] to provide support for after-the-fact investigations of security incidents and to meet regulatory and organizational information retention requirements.

Supplemental

Organizations retain audit records until it is determined that they are no longer needed for administrative, legal, audit, or other operational purposes. This includes, for example, retention and availability of audit records relative to Freedom of Information Act (FOIA) requests, subpoenas, and law enforcement actions. Organizations develop standard categories of audit records relative to such types of actions and standard response processes for each type of action. The National Archives and Records Administration (NARA) General Records Schedules provide federal policy on record retention.

Reference Item Details

Related: AU-4,AU-5,AU-9,MP-6

Category: AUDIT AND ACCOUNTABILITY

Family: AUDIT AND ACCOUNTABILITY

Priority: P3

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.15.3.1 (L1) Ensure 'Block new requests asking to access location' is set to 'Enabled'WindowsCIS Mozilla Firefox ESR GPO v1.0.0 L1
1.1.28 (L1) Ensure 'Disable Firefox Accounts' is set to 'Enabled'WindowsCIS Mozilla Firefox ESR GPO v1.0.0 L1
1.1.29 (L1) Ensure 'Disable Firefox Studies' is set to 'Enabled'WindowsCIS Mozilla Firefox ESR GPO v1.0.0 L1
1.1.31 (L2) Ensure 'Disable Form History' is set to 'Enabled'WindowsCIS Mozilla Firefox ESR GPO v1.0.0 L2
1.1.40 (L2) Ensure 'New Tab Page' is set to 'Disabled'WindowsCIS Mozilla Firefox ESR GPO v1.0.0 L2
1.1.41 (L1) Ensure 'Offer to save logins' is set to 'Disabled'WindowsCIS Mozilla Firefox ESR GPO v1.0.0 L1
1.2.4.4.3 Set 'System: Control Event Log behavior when the log file reaches its maximum size' to 'Disabled'WindowsCIS Windows 8 L1 v1.0.0
1.2.4.4.4 Set 'Security: Control Event Log behavior when the log file reaches its maximum size' to 'Disabled'WindowsCIS Windows 8 L1 v1.0.0
1.2.4.4.6 Set 'System: Maximum Log Size (KB)' to 'Enabled:20480 or greater'WindowsCIS Windows 8 L1 v1.0.0
1.7.9 - Miscellaneous Enhancements - AIX Auditing - 'cron audit rotation has been implemented'UnixCIS AIX 5.3/6.1 L2 v1.1.0
1.10.10 Ensure email logging is configured for critical to emergencyCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.19 Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removedamazon_awsCIS Amazon Web Services Foundations L1 3.0.0
18.9.26.1.1 Ensure 'Application: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
18.9.26.1.1 Ensure 'Application: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.26.2.1 Ensure 'Security: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.26.2.1 Ensure 'Security: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
18.9.26.3.1 Ensure 'Setup: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
18.9.26.3.1 Ensure 'Setup: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.26.4.1 Ensure 'System: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
18.10.56.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2019 v3.0.1 L1 DC
18.10.56.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG
18.10.56.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1
18.10.56.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Enterprise v3.0.0 L1
18.10.56.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL
18.10.56.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
18.10.56.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL
18.10.56.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL
18.10.56.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'WindowsCIS Microsoft Windows 11 Stand-alone v3.0.0 L1
18.10.56.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS
18.10.56.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG
18.10.56.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2019 v3.0.1 L1 MS
18.10.56.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2022 v3.0.0 L1 Domain Controller
18.10.56.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server
18.10.56.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
18.10.56.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'WindowsCIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
18.10.56.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2016 v3.0.0 L1 DC
18.10.56.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2016 v3.0.0 L1 MS
18.10.56.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
18.10.56.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1
18.10.56.3.11.1 Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller
18.10.56.3.11.1 Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS
18.10.56.3.11.2 (L1) Ensure 'Do not use temporary folders per session' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2019 v3.0.1 L1 DC
18.10.56.3.11.2 (L1) Ensure 'Do not use temporary folders per session' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server
18.10.56.3.11.2 (L1) Ensure 'Do not use temporary folders per session' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2016 v3.0.0 L1 MS
18.10.56.3.11.2 (L1) Ensure 'Do not use temporary folders per session' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2019 v3.0.1 L1 MS
18.10.56.3.11.2 (L1) Ensure 'Do not use temporary folders per session' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2022 v3.0.0 L1 Domain Controller
18.10.56.3.11.2 (L1) Ensure 'Do not use temporary folders per session' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2016 v3.0.0 L1 DC
18.10.56.3.11.2 (L1) Ensure 'Do not use temporary folders per session' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS
18.10.56.3.11.2 Ensure 'Do not use temporary folders per session' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS
18.10.56.3.11.2 Ensure 'Do not use temporary folders per session' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller