
US National Archives and Records Administration Updates Record Retention Rules

The US National Archives and Records Administration (NARA) has updated its General Records Schedule (GRS), which establishes rules for record retention. The update includes new requirements for how long government entities must retain cybersecurity logs and other network data. The updated GRS mandates that federal agencies must keep full packet capture data for at least 72 hours and cybersecurity event logs for 30 months.


  • Both Packet Capture (PCAP) and event logs are important data sources for forensic teams investigating a cyber breach. While some cybersecurity professionals might question maintaining PCAP data for a minimum of 72 hours, it’s a reasonable balance between storage requirements and equipping the cyber defender.
  • This only applies to the logs, not the data or content on systems that generated those logs. This means keeping logs on centralized logging infrastructure, so you don’t miss retention requirements because of lifecycle activities of the systems generating logs. This ties back to directives contained in the May 2021 Cyber Security Executive Order (EO 14028).
  • Enterprises should consider similar retention rules to facilitate both routine management and necessary forensics.



