Description

Audit records are retained to provide support for investigations of information security events and to meet university record retention requirements.

Applicability

  • This Control applies to all Texas A&M University information resources storing or accessing Critical or Confidential data.

  • The intended audience is information resource custodians who are responsible for the installation of new information resources, the operations of existing information resources, and individuals accountable for information resources security

Implementation

  • 1

    The information resource custodian is responsible for:

    • 1.1

      Retaining audit records to provide support for after-the-fact investigations of information security incidents and to meet university record retention requirements:

      • 1.1.1

        Records include system, application, and database-level audit logs and logs for network devices.

    • 1.2

      Archiving audit records for a period of no less than 30 days online;

    • 1.3

      Maintaining audit records associated with known incidents, including those used for legal action, until the incident is closed; and

    • 1.4

      Disposal of audit records when the retention time has expired.