From Email Services Policy STIG
Part of EMG3-071 Audit Data Retention
Associated with IA controls: ECRR-1
Audit data retention serves as a history that can aid in determining actions executed by users and administrators. Reasons for such research include both malicious actions that may have been perpetrated, as well as legal evidence that might be needed for proof of activity.
Access EDSP documentation that describes data retention for audit records. Examine artifacts that demonstrate audit data retention for a period of 1 year. If email audit records are retained for required time period (1 year), this is not a finding.
Create a process that details email audit record retention for required time period of 1 year. Document the process in the EDSP.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer