Log Management and Retention Policy (AU)

This policy outlines the requirements for collecting, storing, monitoring, and retaining logs to ensure compliance with the Cybersecurity Maturity Model Certification (CMMC). It applies to all systems, networks, and devices that process, store, or transmit Federal Contract Information (FCI) or Controlled Unclassified Information (CUI). The policy ensures logs are securely managed and retained for a minimum of one year, supporting security monitoring, forensic investigations, and compliance audits. It emphasizes centralized logging, access controls, continuous monitoring, and secure disposal of logs.