RSA Admin

Log Retention Requirements

Discussion created by RSA Admin Employee on Jul 30, 2008
Latest reply on Oct 21, 2008 by RSA Admin

Does anyone have any kind of information pertaining to log retention requirements? Here is what I've captured, so it would be great if anyone knows of more regulations/laws that I don't have listed here.


PCI -> 6 months

Sarbanes-Oxley -> 7 years

HIPAA -> 6 years

GLBA -> Protect customer's personal financial information by "actively monitoring" logs

Basel II -> 7 years

California Security Breach Information Act (SB 1386) -> Detect unauthorized access to personal data.