This is an often asked question by almost every prospect of ours. Why should you hold on to all kinds of logs for 365 days?
Log collection is an extremely important part of maintaining compliance. You would not want ot take retention of your logs for granted just in case an audit becomes necessary; besides it is required for compliance. All event and activity logs, remote control logs and firewall logs should be retained for 365 days. Collecting, monitoring, alerting and retaining necessary logs from all devices within your card data environment (CDE) is an absolutely critical part of PCI compliance.
Never assume your vendor is retaining them because in several instances, vendors may only be retaining 30-90 days’ worth of logs by default. Contact your providers to verify your logs are being handled and stored properly so you don’t have to worry about where to go in the event of a breach.
Omega is an experienced and expert Managed Security Services Provider. We are in the business to protect you and your customer. Call us for a free 30-minute assessment of your network environment. If you need a quick free online compliance check, go here.