ACR-10.07v1.0

Telemetry data retention policies SHALL be defined and enforced proportional to the system's risk cl

Domain

10 — Domain 10: Monitoring and Telemetry

Eval Method

EIEvidence Inspection

Risk Weight

3 / 10

Applicability

L1L2L3

Description#

Telemetry data retention policies SHALL be defined and enforced proportional to the system's risk classification.

Evaluation Method#

EIEvidence Inspection

Compliance is evaluated through inspection of documentary evidence including architecture documents, configuration artifacts, and operational records.

v1.1 Details#

Profile Applicability

S,A,C

Evaluation Frequency

At-Certification

Platform Cert Eligible

Framework Crosswalk Refs

NIST SP 800-53 AU-11; ISO/IEC 27001 A.8.10

This is a conditional control. Non-compliance with this ACR may result in conditional certification with a mandated remediation period. The Authorized Verification Body will specify the remediation timeline and required evidence for the condition to be cleared. If remediation is not completed within the specified period, the conditional certification will be revoked.

← PreviousACR-10.06: Structured logging with consistent schema SHALL enable automated analysis and cross-system correlati Next →ACR-10.08: Dashboard and reporting capabilities SHALL be provided for operational monitoring and compliance ver

Telemetry data retention policies SHALL be defined and enforced proportional to the system's risk cl

Description#

Evaluation Method#

v1.1 Details#

Classification#