Reasonable Retention of Logs at No Extra Cost, v1.0
Specifies requirements in accordance with the DHS CISA Secure-by-Design Pledge, published by the U.S. Dept of Homeland Security (DHS) Cybersecurity and Infrastructure Agency (CISA). Requires an organization to retain logs for a reasonable period (e.g., 6 months) at no extra cost for all of its cloud-based or Software-as-a-Service (SaaS) product and service offerings.
Assessment Step
|
1
Reasonable Retention of Logs at No Extra Cost (ReasonableRetentionofLogsatNoExtraCost)
Does the organization retain logs for a reasonable period (e.g., 6 months) at no extra cost for all of its cloud-based or Software-as-a-Service (SaaS) product and service offerings?
Artifact
A1
Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) and supporting notes as appropriate to support the assessor's response to this assessment step.
|
Conformance Criteria (1)
|
Reasonable Retention of Logs at No Extra Cost
The organization must retain logs for a reasonable period (e.g., 6 months) at no extra cost for all of its cloud-based or Software-as-a-Service (SaaS) product and service offerings.
Citation
SBDP
(doc)
|