AU-11: Audit Record Retention

NIST Baseline: Low

Privacy Baseline: Yes

DIR Required By: 07/20/2023

Review Date: 05/08/2024

Information resource custodians are responsible for:
- Ensuring that sufficient audit logs are retained to support after-the-fact investigations of information security incidents to meet record retention requirements; and
- Maintaining audit logs associated with known incidents, including those used for legal action, until the incident is closed.

References/Additional Resources/Related Requirements

Texas A&M University System Records Retention Schedule

Tex. Gov’t Code §441.185