Logs should be stored within a central log server or log storage solution provided by the IaaS/SaaS provider. For on-prem and CloudShield2 services, utilizes HUIT SplunkCloud. Follow regulated data retention periods when applicable Examples: NIST 800-92 - Guidelines GBLA – 6 Years HIPAA – 6 Years SOX – 7 Years See also: Level 2, Level 3, Level 4, Level 5, Manage All Servers, SC10, Servers C