Task Syslog_Retention¶
Conditions¶
The agency will generate and retain audit logs for a period of 6 months or longer.
Standards¶
Must provide logs for the following for 6 months:
- Firewall Events
- DNS ingress and egress logs
- Domain Controller Events
- Intrusion Detection/Protection Events
- Web Usage
End State¶
Retain all logs identified for 6 months (minimum) to meet the incident response requirements.