STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 7 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← AU-11 — Audit Record Retention

CCI-000167

Definition

Retain audit records for an organization-defined time period to provide support for after-the-fact investigations of incidents and to meet regulatory and organizational information retention requirements.

Parent Control

AU-11Audit Record RetentionAudit and Accountability

Linked STIG Checks (3)

V-222621CAT IIThe ISSO must ensure application audit trails are retained for at least 30 months (12 months active + 18 months cold storage) for applications without SAMI data and five years for applications including SAMI data.Application Security and Development Security Technical Implementation GuideV-206459CAT IIIThe Central Log Server system backups must be retained for a minimum of 5 years for SAMI (Sources and Methods Information) and a minimum of 7 days for non-SAMI on media capable of guaranteeing file integrity for the minimum applicable information retention period.Central Log Server Security Requirements GuideV-251374CAT IIISyslog messages must be retained for a minimum of 30 days online and then stored offline for one year.Network Infrastructure Policy Security Technical Implementation Guide